Decentralized database optimizations

ABSTRACT

Techniques for managing data stored within a database, such as a decentralized database are provided. Some techniques involve managing some data within a lower-trust database and some other data within a higher-trust database. A higher-trust database may be a decentralize database including a blockchain. A lower-trust database may store references to data within the blockchain, and optionally other data in association with those references. Disclosed techniques include WHERE clause query handling in databases with reference values, replacement of distinct data in a relational database with a distinct reference to that data, number line storing for secure indexing, APIs for databases, and consensus operations for private blockchain networks.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 17/098,151, titled DECENTRALIZED DATABASE OPTIMIZATIONS, filed13 Nov. 2020. U.S. patent application Ser. No. 17/098,151 is acontinuation of U.S. patent application Ser. No. 16/432,873, titledDECENTRALIZED DATABASE OPTIMIZATIONS, filed 5 Jun. 2019, which claimsthe benefit of U.S. Provisional Patent Application 62/681,057, titledSIMPLE & COMPLEX WHERE CLAUSE QUERY IN DATABASE WITH REFERENCE VALUES,filed 5 Jun. 2018, U.S. Provisional Patent Application 62/681,059,titled REPLACING DISTINCT DATA IN A RELATIONAL DATABASE WITH A DISTINCTREFERENCE TO THAT DATA (BOX), filed 5 Jun. 2018, U.S. Provisional PatentApplication 62/681,060, titled NUMBER LINE SORT, filed 5 Jun. 2018, U.S.Provisional Patent Application 62/681,065, titled BLOCKCHAIN API, filed5 Jun. 2018, and U.S. Provisional Patent Application 62/681,068, titledCONSENSUS FROM WITHIN PRIVATE BLOCKCHAIN NETWORKS, filed 5 Jun. 2018;and the present application is a continuation-in-part of U.S. patentapplication Ser. No. 16/211,057, titled USING A TREE STRUCTURE TOSEGMENT AND DISTRIBUTE RECORDS ACROSS ONE OR MORE DECENTRALIZED, ACYLICGRAPHS OF CRYPTOGRAPHIC HASH POINTERS, filed 5 Dec. 2018, which is acontinuation of U.S. Pat. No. 10,193,696, titled USING A TREE STRUCTURETO SEGMENT AND DISTRIBUTE RECORDS ACROSS ONE OR MORE DECENTRALIZED,ACYLIC GRAPHS OF CRYPTOGRAPHIC HASH POINTERS, filed 10 Mar. 2018, whichis a continuation-in-part of U.S. Pat. No. 10,121,019, titled STORINGDIFFERENTIALS OF FILES IN A DISTRIBUTED BLOCKCHAIN, filed 11 Aug. 2017,which claims the benefit of U.S. Provisional Patent Application62/374,307, titled STORING DIFFERENTIALS OF FILES IN A DISTRIBUTEDBLOCKCHAIN, filed 12 Aug. 2016. The entire content of each of theseearlier-filed applications, and content incorporated by referencetherein, is hereby incorporated by reference herein for all purposes.

BACKGROUND 1. Field

The present disclosure relates generally to cybersecurity and, more,specifically to database application programming interfaces, databasequeries, and consensus in decentralized database applications.

2. Description of the Related Art

Datastores, such as document repositories, file systems, relationaldatabases, non-relational database, memory images, key-valuerepositories, and the like, are used in a variety of different types ofcomputing systems. Often, data to be stored is received by the datastoreand then later retrieved during a read operation. In many cases, thedatastore arranges the data in a manner that facilitates access based onan address of the data in the datastore (e.g., a file name) or contentof the data (e.g., a select statement in a structured query languagequery).

In many cases, the security and integrity of the data in the datastorecannot be trusted. Often, an attacker who has penetrated a computernetwork will modify or exfiltrate records in a datastore that areintended to be confidential. Further, in many cases, the attacker may becredentialed entity within a network, such a as rogue employee, makingmany traditional approaches to datastore security inadequate in somecases. Aggravating the risk, in many cases, such an attacker may attemptto mask their activity in a network by deleting access logs stored indatastores.

SUMMARY

The following is a non-exhaustive listing of some aspects of the presenttechniques. These and other aspects are described in the followingdisclosure.

Some aspects include a process including: receiving a query having aterm that specifies content that has been replaced in a first databasewith pointers to that content in a second database; detecting that theterm specifies content that has been replaced; translating the term intoa pointer or set of pointers that correspond to locations of thereplaced content in the second database; and submitting the query to thefirst database.

Some aspects include a process including: determining that a value in orto be written to a first table in a first database is to be representedwith a pointer to where that value is stored in a second database;storing the pointer in the first database in place of the value, whereinthe pointer does not reveal the value; determining that the value servesor is to serve as a foreign key in a second table of the first database;and in response, storing the pointer in place of the value in the secondtable of the first database.

Some aspects include a process including: obtaining access to a firstdatabase and second database, wherein: the first database storesrelationships between values of a plurality of fields, values of a firstsubset of the fields, and references to locations of values of a secondsubset of the fields stored in the second database, and the referencesdo not reveal the values stored in the second database at locationsindicated by the references; for a given field in the second subset,forming mapping each reference stored in the first database under thegiven field to a sort key, wherein: the sort keys are in a namespacethat indicates order of the sort keys, such that some sort keys aregreater than other sort keys in the namespace, the sort key namespace islarger than a cardinality of the given field, at least some sort keysare selected to be ordered in the namespace between: sort keys mapped toreferences that correspond to values in the second database that arelarger than a value in the second database corresponding to a referenceto be mapped to the respective sort key, and sort keys mapped toreferences that correspond to values in the second database that aresmaller than the value in the second database corresponding to thereference to be mapped to the respective sort key; receiving a queryconfigured to be applied to the first database; determining that thequery includes an operator that specifies a sort operation based on thegiven field in the second subset and, in response, reforming the queryto specify a sort operation based on the sort keys and not based onentries of stored in the first database under the given field.

Some aspects include a process including: receiving a record to bestored to be stored in one or more blockchains from a writing clientapplication; forming a first identifier of the record that distinguishesthe record from other records stored in the blockchain; providing thefirst identifier of the record to the writing client application;determining that the record is larger than a threshold size; in responseto the determination, encrypting the record, storing a resultingciphertext in a first datastore, and adding an entry to an index thatmaps the first identifier to the ciphertext in the first datastore;storing a first part of the record in the one or more blockchains;before storing all of the record in the one or more blockchains,receiving a first read request from a first reading client application,the first reading application being the writing client application or adifferent client application; in response to the first read request,accessing the ciphertext based on the entry in the index that maps thefirst identifier to the ciphertext in the first datastore, decryptingthe ciphertext to access the record, and providing the record to thefirst reading client application; finishing storing the record in theone or more blockchains and, in response, updating the index to map thefirst identifier to a location of at least part of the record in the oneor more blockchains and deleting a cryptographic key of the ciphertextor the ciphertext; before storing all of the record in the one or moreblockchains, receiving a second read request from a second readingclient application, the second reading application being the writingclient application, the first reading client application, or a differentclient application; and in response to the second read request,accessing the record in the blockchain based on the entry or an updatedentry in the index that maps the first identifier to the location of atleast part of the record in the one or more blockchains and providingthe record to the second reading client application, wherein the writerequest, the first read request, and the second read request arerepresentational state transfer application program interface requests,and at least part of the record is streamed to the second reading clientapplication before the entire record is retrieved from the one or moreblockchains.

Some aspects include a process including: receiving, at a master node, arecord to be stored and replicated in a plurality of blockchains;writing a first segment of the record in a first blockchain at themaster node and obtaining, as a result, a first reference token; writinga second segment of the record in the first blockchain at the masternode and obtaining, as a result, a second reference token; providing,from the master node, to a follower node, the first segment, the firstreference token, the second segment, and the second reference token;writing the first segment of the record in a second blockchain at thefollower node and obtaining, as a result, a third reference token;writing the second segment of the record in the second blockchain at thefollower node and obtaining, as a result, a third reference token; anddetermining that the first reference token matches the third referencetoken and that the second reference token matches the fourth referencetoken and, in response, confirming writing of the record to theplurality of blockchains.

Some aspects include a tangible, non-transitory, machine-readable mediumstoring instructions that when executed by a data processing apparatuscause the data processing apparatus to perform operations including oneor more of the above-mentioned processes.

Some aspects include a system, including: one or more processors; andmemory storing instructions that when executed by the processors causethe processors to effectuate operations of one or more of theabove-mentioned processes.

BRIEF DESCRIPTION OF THE DRAWINGS

The above-mentioned aspects and other aspects of the present techniqueswill be better understood when the present application is read in viewof the following figures in which like numbers indicate similar oridentical elements:

FIG. 1 is a logical and physical architecture block diagram that showsan example of a computing environment in which the present techniquesmay be implemented in accordance with some embodiments;

FIG. 2 is a flow chart that shows an example of a process to read andwrite a document to a tamper-evident, immutable data repository inaccordance with some embodiments;

FIG. 3 is a data model block diagram that shows an example of atamper-evident, immutable data repository that may be operated upon bythe process of FIG. 2 in accordance with some embodiments;

FIG. 4 is a flow chart that shows an example of a process by whichstored values may be fragmented and stored among a plurality ofdifferent tamper-evident, immutable directed acyclic graphs, such asthose shown in FIG. 3 , in accordance with some embodiments;

FIG. 5 is a data model block diagram that shows an example of atamper-evident, immutable data repository storing fragments of datadistributed among multiple directed acyclic graphs that may be operatedupon by the processes of FIGS. 4 and 6 in accordance with someembodiments;

FIG. 6 is a flow chart that shows an example of a process by which datamay be read from the data structure of FIG. 5 in accordance with someembodiments;

FIG. 7 is a flow chart that shows an example of a process by whichcryptographic hash pointers in tamper-evident data repositories may beformed to render the data repositories modular in accordance with someembodiments;

FIG. 8 is a flow chart that shows an example of a process by whichexisting workload applications and user interfaces may be retrofit tosecurely store and access relatively high-security data in a transparentfashion in accordance with some embodiments;

FIG. 9 is a flow chart that shows an example of a process by whichaccess requests to scattered data may be logged to a tamper-evident,immutable data repository in accordance with some embodiments;

FIG. 10 is a flow chart that shows an example of a process by which datain tamper-evident, immutable data repositories may be compressed bystoring differences between versions of documents or other units ofcontent in accordance with some embodiments;

FIG. 11 is a flow chart that shows an example of a process by whichversion graphs storing sequences of changes between versions ofdocuments may be traversed to read current versions of documents inaccordance with some embodiments;

FIG. 12 is a data model block diagram that shows an example of a datastructure by which a version graph may be stored as a sequence ofcontent graphs on a collection of verification graphs or othertamper-evident, immutable data repositories in accordance with someembodiments;

FIG. 13 is a data model diagram that shows an example of a data model bywhich data may be indexed based on a sortable value within a restricteddomain of index values without a delta-distance correspondence betweenadjacent data values at their respective adjacent index values tofacilitate obfuscation of sortable data value deltas for data valuesstored in verification graphs or other tamper-evident, immutable datarepositories in accordance with some embodiments;

FIG. 14A and FIG. 14B shows an example of a data model by which data maybe indexed based on a sortable value within a restricted domain of indexvalues without a delta-distance correspondence between adjacent datavalues at their respective adjacent index values to facilitateobfuscation of sortable data value deltas for data values stored inverification graphs or other tamper-evident, immutable data repositoriesin accordance with some embodiments;

FIG. 15 is a logical and physical architecture block diagram that showsan example of a computing environment in which an applicationprogramming interface may be implemented in accordance with someembodiments; and

FIG. 16 is a physical architecture block diagram that shows an exampleof a computing device by which the above techniques may be implemented.

While the present techniques are susceptible to various modificationsand alternative forms, specific embodiments thereof are shown by way ofexample in the drawings and will herein be described in detail. Thedrawings may not be to scale. It should be understood, however, that thedrawings and detailed description thereto are not intended to limit thepresent techniques to the particular form disclosed, but to thecontrary, the intention is to cover all modifications, equivalents, andalternatives falling within the spirit and scope of the presenttechniques as defined by the appended claims.

DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS

To mitigate the problems described herein, the inventors had to bothinvent solutions and, in some cases just as importantly, recognizeproblems overlooked (or not yet foreseen) by others in the field ofcybersecurity. Indeed, the inventors wish to emphasize the difficulty ofrecognizing those problems that are nascent and will become much moreapparent in the future should trends in industry continue as theinventors expect. Further, because multiple problems are addressed, itshould be understood that some embodiments are problem-specific, and notall embodiments address every problem with traditional systems describedherein or provide every benefit described herein. That said,improvements that solve various permutations of these problems aredescribed below.

A variety of problems relating to security of datastores and networks ofcomputers used by organizations are addressed by various versions oftechniques described below. These different techniques can be usedtogether, synergistically in some cases, so their descriptions aregrouped into a single description that will be filed in multiple patentapplications with different claim sets targeting the differenttechniques and combinations thereof. In view of this approach, it shouldbe emphasized that the techniques are also independently useful and maybe deployed in isolation from one another or in any permutationcombining the different subsets of techniques, none of which to suggestthat any other description herein is limiting. Conceptually relatedgroups of these techniques are preceded by headings below. Theseheadings should not be read as suggesting that the subject matterunderneath different headings may not be combined, that every embodimentdescribed under the heading has all of the features of the heading, orthat every feature under a given heading must be present in anembodiment consistent with the corresponding conceptually related groupof techniques, again which is not to suggest that any other descriptionis limiting.

Example Computing Environment in which One or More Disclosed TechniquesMay be Implemented

The techniques described herein are best understood in view of anexample computing environment 10 shown in FIG. 1 . The computingenvironment 10 is one example of many computing architectures in whichthe present techniques may be implemented. In some embodiments, thepresent techniques are implemented as a multi-tenant distributedapplication in which some computing hardware is shared by multipletenants that access resources on the computing hardware in computingdevices controlled by those tenants, for example, on various local areanetworks operated by the tenants. Or in some cases, a single tenant mayexecute each of the illustrated computational entities onprivately-controlled hardware, with multiple instances of the computingenvironment 10 existing for different organizations. Or some embodimentsmay implement a hybrid approach in which multi-tenant computingresources (e.g., computers, virtual machines, containers, microkernels,or the like) are combined with on-premises computing resources orprivate cloud resources. In some embodiments, the computing environment10 may include and extend upon the security features of a computingenvironment described in U.S. patent application Ser. No. 15/171,347,titled COMPUTER SECURITY AND USAGE-ANALYSIS SYSTEM, filed 2 Jun. 2016,the contents of which are hereby incorporated by reference.

In some embodiments, the computing environment 10 includes a pluralityof client computing devices 12, a lower-trust database 14, securedistributed storage 16, a domain name service 18, and a translatorserver 20 (or elastically scalable collection of instances of translatorservers disposed behind a load balancer). In some embodiments, each ofthese components may communicate with one another via the Internet 22and various local area networks in some cases. In some embodiments,communication may be via virtual private networks overlaid on top of thepublic Internet. In some embodiments, the illustrated components may begeographically distributed, for example, more than 1 kilometer apart,more than 100 kilometers apart, more than a thousand kilometers apart,or further, for example distributed over the content event of NorthAmerica, or the world. Or in some cases, the components may beco-located and hosted within a airgapped or non-airgapped privatenetwork. In some embodiments, each of the illustrated blocks thatconnects to the Internet 22 may be implemented with one or more of thecomputing devices described below with reference to FIG. 13 .

In some embodiments, each of the client computing devices 12 may be oneof a plurality of computing devices operated by users or applications ofan entity that wishes to securely store data. For example, a givenbusiness or governmental organization may have more than 10, more than100, more than 1,000, or more than 10,000 users and applications, eachhaving associated computing devices that access data stored in thelower-trust database 14 (or a collection of such databases or othertypes of datastores) and the secure distributed storage 16. In someembodiments, multiple entities may access the system in the competingenvironment 10, for example more than five, more than 50, more than 500,or more than 5000 different entities may access shared resources withrespective client computing devices or may have their own instance ofthe computing environment 10. In some embodiments, some of the clientcomputing devices 12 are end-user devices, for example, executing aclient-side component of a distributed application that stores data inthe lower-trust database 14 and the secure distributed storage 16, orreads is such data. Client computing devices may be laptops, desktops,tablets, smartphones, or rack-mounted computing devices, like servers.In some embodiments, the client-computing devices are Internet-of-thingsappliances, like smart televisions, set-top media payers, securitycameras, smart locks, self-driving cars, autonomous drones, industrialsensors, industrial actuators (like electric motors), or in-storekiosks. In some embodiments, some of the client computing devices 12 maybe headless computing entities, such as containers, microkernels,virtual machines, or rack-mounted servers that execute a monolithicapplication or one or more services in a service-oriented application,like a micro services architecture, that stores or otherwise axis isdata in the lower-trust database 14 or the secure distributed storage16.

In some embodiments, the lower-trust database 14 and the securedistributed storage 16 may each store a portion of the data accessedwith the client computing devices 12, in some cases with pointerstherebetween stored in one or both of these datastores. In someembodiments, as described below, this data may be stored in a mannerthat abstracts away the secure distributed storage 16 from a workloadapplication through which the data is accessed (e.g., read or written).In some embodiments, data access operations may store or access data inthe lower-trust database 14 and the secure distributed storage 16 with aworkload application that is not specifically configured to access datain the secure distributed storage 16, e.g., one that is configured tooperate without regard to whether the secure distributed storage 16 ispresent, and for which the storage of data in the secure distributedstorage 16 is transparent to the workload application storing content inthe lower-trust database 14 and the secure distributed storage 16. Insome embodiments, such a workload application may be configured to, andotherwise designed to, interface only with the lower-trust database 14when storing this data, and as described below, some embodiments maywrap interfaces for the lower-trust database 14 with additional logicthat routes some of the data to the secure distributed storage 16 andretrieves that data from the secure distributed storage 16 in a mannerthat is transparent to the workload application accessing content (i.e.,data written or read by the workload application).

Content stored in the lower-trust database 14 and secure distributedstorage 16 may be created or accessed with a variety of different typesof applications, such as monolithic applications or multi-servicedistributed applications (e.g., implementing a microservicesarchitecture in which each service is hosted by one of the clientcomputing devices 12). Examples include email, word processing systems,spreadsheet applications, version control systems, customer relationshipmanagement systems, human resources computer systems, accountingsystems, enterprise resource management systems, inventory managementsystems, logistics systems, secure chat computer systems, industrialprocess controls and monitoring, trading platforms, banking systems, andthe like. Such applications that generate or access content in thedatabase 14 for purposes of serving the application's functionality arereferred to herein as “workload applications,” to distinguish thoseapplications from infrastructure code by which the present techniquesare implemented, which is not to suggest that these bodies of codecannot be integrated in some embodiments into a single workloadapplication having the infrastructure functionality. In some cases,several workload applications (e.g., more than 2, more than 10, or morethan 50), such as selected among those in the preceding list, may shareresources provided by the infrastructure code and functionalitydescribed herein.

In some embodiments, the lower-trust database 14 is one of the varioustypes of datastores described above. In some cases, the lower-trustdatabase 14 is a relational database, having a plurality of tables, eachwith a set of columns corresponding to different fields, or types ofvalues, stored in rows, or records (i.e., a row in some implementations)in the table, in some cases, each record, corresponding to a row may bea tuple with a primary key that is unique within that respective table,one or more foreign keys that are primary keys in other tables, and oneor more other values corresponding to different columns that specifydifferent fields in the tuple. Or in some cases, the database may be acolumn-oriented database in which records are stored in columns, withdifferent rows corresponding to different fields. In some embodiments,the lower-trust database 14 may be a relational database configured tobe accessed with structured query language (SQL) commands, such ascommands to select records satisfying criteria specified in the command,commands to join records from multiple tables, or commands to writevalues to records in these tables.

Or in some cases, the lower-trust database 14 may be another type ofdatabase, such as a noSQL database, like various types of non-relationaldatabases. In some embodiments, the lower-trust database 14 is adocument-oriented database, such as a database storing a plurality ofserialized hierarchical data format documents, like JavaScript™ objectnotation (JSON) documents, or extensible markup language (XML)documents. Access requests in some case may take the form of xpath orJSON-path commands. In some embodiments, the lower-trust database 14 isa key-value data store having a collection of key-value pairs in whichdata is stored. Or in some cases, the lower-trust database 14 is any ofa variety of other types of datastores, for instance, such as instancesof documents in a version control system, memory images, a distributedor non-distributed file-system, or the like. A single lower-trustdatabase 14 is shown, but embodiments are consistent with, and incommercial instances likely to include, substantially more, such as morethan two, more than five, or more than 10 different databases, in somecases of different types among the examples described above. In someembodiments, some of the lower-trust databases may be database of asoftware-as-a-service application hosted by a third party and accessedvia a third party application program interface via exchanges with, forinstance, a user's web browser or another application. In some cases,the lower-trust database 14 is a mutable data store or an immutable datastore.

In some cases, access to data in the lower-trust database 14, andcorresponding access to corresponding records in the secure distributedstorage 16, may be designated in part with roles and permissions storedin association with various user accounts of an application used toaccess that data. In some embodiments, these permissions may bemodified, for example, revoked, or otherwise adjusted, with thetechniques described in U.S. patent application Ser. No. 15/171,347,titled COMPUTER SECURITY AND USAGE-ANALYSIS SYSTEM, filed 2 Jun. 2016,the contents of which are hereby incorporated by reference.

The database 14 is described as “lower-trust.” The term “lower-trust”does not require an absolute measure of trust or any particular state ofmind with respect to any party, but rather serves to distinguish thedatabase 14 from the secure distributed storage 16 which has certainsecurity features in some implementations described below and in somecases may be referred to as a “higher-trust” database.

In some cases, some of the data that an application writes to, or haswritten to, the lower-trust database 14 may be intercepted or moved tothe secure distributed storage 16 with techniques described below.Further, access requests from a workload application to the lower-trustdatabase 14 may be intercepted, or responses from such access requestmay be intercepted, and data from the lower-trust database 14 may bemerged with data from the secure distributed storage 16 that isresponsive to the request before being presented to the application, asdescribed in greater detail below. Further, read requests may beintercepted, modified, and iteratively executed in a manner that limitshow much information in the secure distributed storage is revealed to aclient computing device at any one time, as described below.

In some embodiments, the secure distributed storage 16 may include acollection of data centers 24, which may be distributed geographicallyand be of heterogeneous architectures. In some embodiments, the datacenters 24 may be various public or private clouds or on-premises datacenters for one or more organization-users, such as tenants, of thecomputing environment 10. In some embodiments, the data centers 24 maybe geographically distributed over the United States, North America, orthe world, in some cases with different data centers more than 100 or1,000 kilometers apart, and in some cases with different data centers 24in different jurisdictions. In some embodiments, each of the datacenters 24 may include a distinct private subnet through which computingdevices, such as rack-mounted computing devices in the subnetcommunicate, for example, via wrap top-of-rack switches within a datacenter, behind a firewall relative to the Internet 22. In someembodiments, each of the data centers 24, or different subsets of thedata centers 24, may be operated by a different entity, implementing adifferent security architecture and having a different applicationprogram interface to access computing resources, examples includingAmazon Web Services™, Azure from Microsoft™, and Rack Space™. Threedifferent data centers 24 are shown, but embodiments are consistentwith, and in commercial implementations likely to include, more datacenters, such as more than five, more than 15, or more than 50. In somecases, the datacenters may be from the same provider but in differentregions.

In some embodiments, each of the data centers 24 includes a plurality ofdifferent hosts exposed by different computational entities, likemicrokernels, containers, virtual machines, or computing devicesexecuting a non-virtualized operating system. Each host may have anInternet Protocol address on the subnet of the respective data center 24and may listen to and transmit via a port assigned to an instance of anapplication described below by which data is stored in a distributedledger. In some embodiments, each storage compute node 26 may correspondto a different network hosts, each network coast having a server thatmonitors a port, and configured to implement an instance of one of thebelow-described directed acyclic graphs with hash pointers implementingimmutable, tamper-evident distributed ledgers, examples include blockchains and related data structures. In some cases, these storage computenodes 26 may be replicated, in some cases across data centers 24, forexample, with three or more instances serving as replicated instances,and some embodiments may implement techniques described below todetermine consensus among these replicated instances as to state ofstored data. Further, some embodiments may elastically scale the numberof such instances based on amount of data stored, amounts of accessrequests, or the like.

Some embodiments may further include a domain name service (DNS) 18,such as a private DNS that maps uniform resource identifiers (such asuniform resource locators) to Internet Protocol address/port numberpairs, for example, of the storage compute nodes 26, the translator 20,and in some cases other client computing devices 12 or other resourcesin the computing environment 10. In some embodiments, a client computingdevice 12, a storage compute node 16, the database 14, or translator 20may encounter a uniform resource identifier, such as a uniform resourcelocator, and that computing entity may be configured to access the DNS18 at an IP address and port number pair of the DNS 18. The entity maysend a request to the DNS 18 with the uniform resource identifier, andthe DNS 18 may respond with a network and process address, such asInternet Protocol address and port number pair corresponding to theuniform resource identifier. As a result, underlying computing devicesmay be replaced, replicated, moved, or otherwise adjusted, withoutimpairing cross-references between information stored on differentcomputing devices. Or some embodiments may achieve such flexibilitywithout using a domain name service 18, for example, by implementing adistributed hash table or load-balancing that consistently maps databased on data content, for example based on a prefix or suffix of a hashbased on the data or identifiers of data to the appropriate computingdevice or host. For instance, some embodiments may implement a loadbalancer that routes requests to storage compute nodes 26 based on aprefix of a node identifier, such as a preceding or trailing thresholdnumber of characters.

Some embodiments may further include a virtual machine or containermanager configured to orchestrate or otherwise elastically scaleinstances of compute nodes and instances of the translator 20, forinstance, automatically applying corresponding images to provisionedresources within one or more data centers 24 responsive to need andspinning down instances as need diminishes.

In some embodiments, the translator 20 may be configured to execute aroutine described in greater detail below that translates between anaddress space of the lower-trust database 14 and an address space of thesecure distributed storage 16. In some embodiments, the translator 20may receive one or more records from the client computing device 12 thatis going to be written to the lower-trust database 14, or may receivesuch records from the lower-trust database 14, and those records may bemapped to the below-describe segment identifiers (or other pointers,such as other node identifiers) in the secure distributed storage 16.The translator 20 may then cause those records to be stored in thesecure distributed storage 16 and the segment identifiers to be storedin place of those records in the lower-trust database 14, such as inplace of individual values in records. In some embodiments, translationmay happen at the level of individual values corresponding to individualfields in individual records, like rows of a table in the database 14,or some embodiments may translate larger collections of data, forexample, accepting entire records, like entire rows, or plurality ofcolumns, like a primary key and an individual value other than theprimary key in a given row. Some embodiments may accept files or otherbinary larger objects (BLOBS). The translator 20 that may then replacethose values in the lower-trust database 14 with a pointer, like asegment identifier in the secure distributed storage, in the mannerdescribed below, and then cause those that data to be stored in thesecure distributed storage 16 in the manner described below. In someexamples, documents may be stored, which may be relatively smallstand-alone values to binary large objects encoding file-system objectslike word-processing files, audio files, video files, chat logs,compressed directories, and the like. In some cases, a document maycorrespond to an individual value within a database, or document maycorrespond to a file or other binary large object. In some cases,documents may be larger than one byte, 100 bytes, 1 kB, 100 kB, 1 MB, or1 GB. In some embodiments, documents may correspond to messages in amessaging system, or printable document format documents, MicrosoftWord™ documents, audio files, video files or the like.

In some embodiments, the translator 20 may include code that receivesrequests from drivers and facilitates the translation of data. In somecases, the translator 20 may be one of an elastically scaled set oftranslators 20 remotely hosted in a public or private cloud. Thetranslator may, in some cases, implement the following functions:

1. Validate Request

a. Using a database, some embodiments validate a combination of usersupplied parameters such as predefined software IDs, client IDs, andmachine specific identifiers registered at install time. This iscompared against a known list and then further verified with IP addressand/or other network specific parameters.

2. Data Validate

a. Parsing the HTTP body and then decoding some embodiments determinethe unique list of reference values to replace with plain text. Using adatabase, some embodiments first check if the requesting machine has therights to access the data. Next using a database, some embodiments findthe network name of the first hop of the piece of data and place into anarray.

3. Threshold Check

a. With the location of each unique requested segment (or node ordocument or content) identifier, some embodiments check against a seriesof threshold or rate objects. Some embodiments look for access rate,time window, or location based rules and apply the requested dataagainst a mapping of rules. If any particular data is breaking athreshold then an anomaly in the system is generated resulting innotifications and logging in some embodiments.

4. Jobs

a. The translator 20 may split up the data requests into jobs and placesthe job onto a work queue. The split may be done by a static per messagejob size and may use a deal-letter exchange to retry and finally failmessages

5. Response Function

a. Data may be returned from the queue and plain text values may bematched and replaced with the corresponding pointers (such as segment,document, node, or unit-of-content identifiers, which is not to suggestthat these or any other list of categories describe disjoint sets). Onceall jobs have returned the response a response may be returned in someembodiments.

In some embodiments, the client computing devices 12 may each execute anoperating system in which one or more applications 28 execute. Theseapplications may include client-side portions of the above-describedexamples of workload applications, which may include business logic andother program code by which a service in a micro-services architectureis implemented. In some embodiments, the applications 28 may bedifferent in different client computing devices, and an individualclient computing device may execute a plurality of differentapplications. In some embodiments, the applications 28 may be configuredto interface with the lower-trust database 14 via a database driver 32executed within the operating system. The database driver 32 may be anyof a variety of different types of drivers such as an ODBC driver, aJDBC driver, and the like. In some embodiments, the database driver 32may be configured to access the lower-trust database 14 via a networkinterface 34 of the client computing device 12, such as a networkinterface card connected to a physical media of a local area network bywhich the Internet 22 is accessed.

Some embodiments may further include a security driver 30 thatinterfaces between the application 28 and the database driver 32. Insome embodiments, the security driver 30 may be transparent to theapplication 28, such that an application program interface of thedatabase driver 32 is presented to the application 28 by the securitydriver 30, and that application program interface may be unmodified fromthe perspective of the application 28 relative to that presented by thedatabase driver 32 in some cases. In some embodiments, the securitydriver 30 may wrap an application program interface of the databasedriver 32, such that the security driver 30 receives application programinterface requests from the application 28 to the driver 32, acts onthose requests, and in some cases modifies those requests, and thenprovides the request in some cases with modifications to the databasedriver 32. Similarly, responses back to the application 28 may beprovided by the security driver 30 and in a manner consistent with thatprovided by the driver 32, as described in greater detail below.

In some embodiments, the security driver 30 is configured to engage thetranslator 20 after (or to perform) splitting data being written to (orattempting) the lower-trust database 14 by the application 28 intohigher-security data and lower-security data. Again, the terms“lower-security” and “higher-security” serve to distinguish dataclassified differently for purposes of security and do not requiremeasurement against an absolute security metric or a state of mind. Thelower-security data may then be written by the database driver 32 to thelower-trust database 14 in the manner provided for by the application 28without regard to whether the security driver 30 is present.

The higher-security data, on the other hand, may be stored in a mannerdescribed below by the translator 20 that renders that data relativelyrobust to attacks by malicious actors. When returning data to theapplication 28, for example in response to receiving a read request,these operations may be reversed in some cases. Again, these operationsare described in greater detail below. Generally, in some embodiments,the data from the lower-trust database 14 and the data from the securedistributed storage 16 may be merged by the security driver 30, in somecases, before that data is presented to the application 28. By acting onthe higher-security data within the client computing device 12, beforethat data leaves the client computing device 12, some embodiments mayreduce an attack service of the computing environment 10. That said, notall embodiments provide this benefit, and some embodiments may implementthe functionality of the security driver 30 outside of the clientcomputing devices 12, for example, in a database gateway, in a databasemanagement system implemented at the lower-trust database 14, or onanother standalone application executed in a computing device disposedbetween the lower-trust database 14 and the network and the clientcomputing device 12 in a path to the lower-trust database 14.

In some embodiments, the security driver 30 includes an outbound pathand an inbound path. In some embodiments, the outbound path includes anout-parser 36, a validator 38, a data multiplexer 40. The out-parser mayclassify values as higher-security or lower-security values applying oneor more rules in a data policy described below. The validator mayperform the statement validate function described below. The multiplexermay route data to the lower-trust database 14 or the translator 20 basedon the security classification. In some embodiments, the inbound pathincludes an in parser 42, and a data de-multiplexer 44. The inbound pathmay include a parser 42 configured to detect pointers to data in queryresponses from the lower-trust database 14 that point to data in thesecure distributed storage 16. The parser 42 may call the translator 20to request that pointers be replaced with more securely stored data. Insome cases, the de-multiplexer 44 may merge data from the translator 20with lower-security data in the same query response. In some cases, thesecurity driver may implement a process described below with referenceto FIG. 8 and perform the following functions:

1. Statement Parse

a. For a SELECT statement, there could be a WHERE clause which islooking to match data in a protected column. During this phase, someembodiments parse the SELECT statement and check if there is a need toflip any plain text values in the WHERE clause into the reference space.The statement may be marked for processing and passed along.

b. For an INSERT or UPDATE statement, there could be data in either thestatement body or the WHERE clause (INSERT). During this phase, someembodiments parse the statement and check if there is a need to flip anyplain text values in the WHERE clause or body into the reference space.The statement may be marked for processing and passed along.

c. The security driver may use a locally kept copy of the currentprotection settings for a given client. In some embodiments, it is thislocally kept and updated (e.g., periodically or constantly) table thatthe database, table, and column names in the statements are comparedagainst. The time between getting a new state table is determined byvarious factors.

2. Statement Validate

a. During the operation of a database command some embodiments check thestatement for potential injection or other malicious SQL statements andblock the query or log that the event happened. This is a locallysupported operation that can be done by each driver in some cases.

3. Statement Process

a. Depending upon the results of Parse, the driver may make HTTPrequests to a preset URL and asks for plain-text data to be switchedinto the reference space, e.g., by the translator 20.

b. The statement may be updated with reference space data if needed andthe statement may be delivered to the lower-trust database 14 server.

4. Result Set Process

a. For a SELECT statement the result set is processed and if columns inthe returned data match any entries in the locally held table, thesecurity driver 20 may perform HTTP requests to switch reference spacedata to plain text space.

b. The driver 30 may iterate over the data and selects distinct valuesto place into an HTTP body and requests made using a preset URL andsystem DNS 18, e.g., by engaging the translator 20.

c. Data may be returned and replaced for each occurrence in the resultset and returned to the application 28 in some cases.

Various aspects of the system above, or other architecture may implementvarious techniques expanded upon below under distinct headings.

Immutable Datastore for Low-Latency Reading and Writing of Large DataSets

Generally, traditional databases do not adequately protect againstthreat actors or internal resources (employees, information-technologystaff, etc.) tampering with the data. At best, such systems typicallyprovide audit access and the ability to modify the stored data, but theaudit logs typically are mutable and, thus, can be changed just aseasily as the data.

Recent immutable examples of databases include blockchain-baseddatabases, such as bitcoind and MultiChain. Blockchain systems are builtupon ideas first described in a paper titled “Bitcoin: A Peer-to-PeerElectronic Cash System” under the pseudonym Satoshi Nakamoto in October2008. These systems typically implement a peer-to-peer system based onsome combination of encryption, consensus algorithms, and proof-of-X,where X is some aspect that is difficult to consolidate across thenetwork, such as proof-of-work, proof-of-stake, proof-of-storage, etc.Typically, those actors on a network having proof-of-X arrive at aconsensus regarding the validation of peer-to-peer transactions, oftenusing various consensus algorithms like Paxos, Raft, or hashgraph. Orsome private blockchains do not implement proof-of-X consensus, e.g.,where the computing hardware implementing the blockchain is controlledby trusted parties. Chained cryptographic operations tie a sequence ofsuch transactions into a chain that once validated, is typicallyprohibitively computationally expensive to falsify.

However, many extant blockchain-based databases are not well suited forcertain use cases, particularly those involving latency-sensitive access(e.g., reading or writing) to large files (e.g., documents or othercollections of binary data treated as a single entity, often called“blobs”), for instance in a blockchain-hosted filesystem. Indeed, manyblockchain databases are not readily configured to store large objectsand object files (e.g., on the order of 500 kilobytes or larger,depending on the use case and acceptable latency), as such systems aretypically highly specialized for small-payload “transactional”applications. In such systems, when storing larger collections of binarydata (e.g., files or blobs), the chain can dramatically slow as thechain gets bigger, particularly for write operations.

As noted above, blockchains generally allow for small bits ofinformation to be stored in an immutable data structure, but the momentdata in the chain is altered, the chain is broken and can no longerfunction in a manner that represents the data to be valid. The mostcommon blockchain implementation is the publicly accessible Bitcoinledger (for which Blockchains were designed).

As noted, such systems present certain problems for some use cases.These, and other problems are mitigated by some embodiments of a systemreferred to below as “Docuchain.” Docuchain is a blockchain softwaresuite specifically designed for low-latency put and get operations ofBinary Large Objects (BLOBs). Docuchain, in some embodiments, uses animproved version of an underlying data structure called “Merkle Trees”to provide the immutable properties of the Blockchain. In someembodiments, Docuchain is operative to respond to commands within lessthan 50 milliseconds (ms), e.g., and many commercial implementations areexpected to provide sub 10 ms operations as perceived by the applicationinteracting with the chain, and sub 5 ms operations at the level of thechain. Further, such response times are expected to scale with the chainsize. Some embodiments may scale response times at n log(n), wherein nis the number of entries in the chain.

Merkle Trees generally work by a tree of cryptographic hashes in whicheach element of the tree contains a hash of the information contained byits children, and leaf elements are hashes of the subject data stored inthe Merkle Tree. In many traditional implementations of Merkle Trees forthe purposes of storing data, like those in many earlier blockchaindatabases, the data is stored in a separate logical datastore, hashed,and just the hash is carried into the Merkle Trees. That is, the databeing by the database stored is not part of the Merkle Tree, only a hashdigest of the data is part of the Merkle Tree.

To mitigate some of the problems with traditional blockchain databases,some embodiments of Docuchain store the data directly in Merkle Trees,though embodiments are not limited to data storage in Merkle Trees,which is not to suggest that other descriptions are limiting. That is,when data is written to the database or read from the database, thatdata is written into specific fields of the elements (e.g., attributesof node content of nodes) of the Merkle Tree or read from specificfields of the elements of the Merkle Tree (rather than just a hashdigest of the data residing in the Merkle Tree with the entire dataresiding in an external datastore). With this tight coupling, if thedata is altered at all, the entire hash for the tree (as is distinctfrom a hash of a file stored in the database) is thrown off immediatelyand ultimately the chain will be broken and detected as such duringvalidation operations. Additionally, some embodiments prevent the BLOBfrom ever being stored in an external (potentially mutable and lesssecure) datastore. Finally, the tight coupling of the data to the treeis expected to reduce the number of read/write operations necessary totransact with the chain, further reducing potential latency.

In some embodiments, Docuchain contains two components: LibDocuchain andDocuSocket.

In some embodiments, LibDocuchain is a software library that containsthe following data structures:

-   -   MerkleTree<H, T>    -   DataBlock<H, T>    -   BlockManager<H, T>    -   where “H” represents a cryptographic hashing function, and “T”        represents the data type being stored in the chain. Generally,        hashing functions map data of arbitrary size to data of fixed        size. Examples of cryptographic hash functions include SHA256,        SHA-2, MD5, and the like (e.g., applied more than once        Docuchain, in some embodiments, can use a variety of different        types of hashing functions and this is expected to include later        developed hashing algorithms (e.g., new post-quantum        cryptographic hashes).

The BlockManager, in some embodiments, is responsible for taking data,placing into the appropriate block and inserting into the appropriateMerkle tree, writing to disk at the appropriate times, increasing (e.g.,guaranteeing) chain durability (i.e., tamper-resistance). Additionally,in some embodiments, there is a JobManager that manages concurrentoperations on the datastructures to deliver operation times.

In some embodiments, DocuSocket is a software library that maintainsconnections to clients, e.g., remote computing devices seeking to accessdata stored in the database. Connections from clients may be relativelystateless (and in some cases, after a session is confirmed there is nofurther state). A connection, in some embodiments, can accept anarbitrary amount of requests in an arbitrary order and will returnresponses to the requests in arbitrary order. Example, the connectionmight receive write (A), write (B), read (C) operations, and in someembodiments, the Docusocket may respond to request C before A or B.However, once a transaction response comes for A or B, those operationsin some embodiments are considered final and are committed to the chainand are instantly queryable. This “always-on” and highly-availableconnection is one differentiator that allows Docusocket to out-performstandard blockchains in comparable benchmarks. (That said, not allembodiments afford these benefits, as various independently usefulinventions are described, and some of those inventions might be used toother ends.)

Write requests, in some embodiments, are accepted through Docusocket andpassed off to BlockManager for writing into a MerkleTree object. In somecases, the result of this operation is a hash composed from the positionin the MerkleTree, the hash from the previous block, and the contents ofthe data that is written; this is called the Transaction ID (TXID),which is an example of a node identifier or pointer (which is not tosuggest that these or other categories are disjoint). In someembodiments, these TXIDs are stored in alternate data stores for laterreferencing and retrieval, e.g., in the lower-trust database 14 in placeof the data to which they point, or in a lower-trust file system inplace of documents referenced by the TXIDs. In some cases, the TXID'sare segment pointers to a linked list of segment pointers and segmentsthat encode the stored data.

As noted, earlier blockchain databases are capable of storing blobs, butthe way in which the data is stored and accessed often imposes severperformance penalties when accessing larger collections of data (e.g.,larger BLOBs). Such systems often rely on additional functionalityoriginally intended to handle the transactive nature of bitcoins andother cryptocurrencies. This additional functionality is often providedby an “in-chain” scripting language which defines the transactions thatenter the chain. For many use cases, this is a secure and efficientmethod of maintaining a ledger, however for larger chains, thesefeatures come at significant time complexity cost, particularly in writeoperations. As these chains grow, they become significantly slower.Blockchain document databases that store the documents in-chain areexpected to grow very fast, thus putting significant limitations on whatis practically possible with prior technology.

In contrast, because some embodiments of Docuchain store data in itsexact representation (which should not be read to exclude varioustransformations and may include storing a compressed, encrypted copy ofthe data) directly in the Merkle Tree, those embodiments are expected tobe able to circumvent the need to have the in-chain scripting languageand are able to provide O(log(n)) get/put operations on a tree once itis loaded in memory. Further, storing the data being committed to thedatabase, rather than just a hash digest, in the Merkle Tree is expectedto impede (and in some cases defeat) hash collision attacks on thestored data. In such attacks, malicious content is selected and designedto produce the same hash as stored data, and that malicious data issubstituted in the database for the authentic data. With traditionalsystems, the Merkle Tree will yield a hash value that validates themalicious content as authentic. In contrast, some embodiments circumventthis attack vector by storing the data committed to the database in theMerkle Tree. Further, some embodiments may detect changes without theneed to continually verify each BLOB with its respective hash digest ona continual basis, unlike many systems that merely store a hash digestof the BLOB in the chain. That said, not all embodiments afford thesebenefits, e.g., some embodiments may avoid the use of traditionalin-chain scripts to access hashed digests in the chain, without storingthe entire document, thereby expediting operations.

These libraries may implement an example of a process shown in FIG. 2 ,which shows an example of a process 50 that may be implemented to storeand access documents in a, immutable, tamper-evident data structure, anexample of which is shown in FIG. 3 . In some embodiments, the process50 may be implemented in the computing environment 10 described above,but it should be emphasized that embodiments are not limited to thatimplementation, which is not to suggest that any other description islimiting. Indeed, some embodiments may implement versions of the processshown on a single computing device as part of a monolithic application,such as a file manager that stores documents locally in the describedfashion.

In some embodiments, the operations of the process 50, and the otherprocesses described herein, may be implemented in a different order fromthat described, may include steps that are repeated, may include stepsthat are executed concurrently, may include steps that are omitted, ormay be otherwise differently arranged from the exemplary arrangementsdescribed, none of which is to suggest that other descriptions arelimiting. Further, the operations of the process 50 and the otherprocesses and functionality described herein may be implemented byexecuting instructions stored on a tangible, non-transitory,machine-readable medium with one or more processors, such that when theinstructions are executed, the described functionality is effectuated.In some cases, notwithstanding the use of the singular medium, theoperations may be stored on multiple media in a distributed fashion, forexample, with different subsets of the instructions stored in memory ofdifferent computing devices that execute those different respectiveinstructions, an arrangement which is consistent with the singular“medium” as that term is used herein. Further, storage of data need notbe persistent in the absence of power and may be effectuated with eitherpersistent data storage or dynamic data storage, such as dynamic randomaccess memory that may dissipate stored data when power is removed.

In some embodiments, the process 50 includes receiving a write commandrequesting that a document associated with the write command be storedin an immutable data structure, as indicated by block 52, such as atamper-evident immutable data structure. In some cases, the writecommand may be a SQL command to write to the above-described lower-trustdata store 14 from the application 28 received by the security driver30, or the command may be a command to store a file or other document ina file system. For instance, in some cases, the write command may be arequest received by a file manager of an operating system to store afile in a repository presented as a network drive within a userinterface of the operating system, where some or all of the networkdrive is hosted in the immutable data structure like that describedbelow with reference to FIGS. 3 and 5 . In some embodiments, the writecommand may be generated programmatically, or in some cases the writecommand may be generated responsive to a user input requesting that, forexample, a document be stored. As noted above, the term “document” isused relatively expansively herein and may include storage of anindividual bites of information, or larger binary large objects, such asfiles ranging up to multiple gigabits or larger. Files may includestored data associated with metadata, like author, file-size, creationdate, modification date, a file-name, an extension, and the like. Suchfiles may be consistent with the definitions of files in the Windows™,Android™, iOS™, Linux™, or Mac™ operating systems.

The term “immutable” in the phrase “immutable data structure” refers toan arrangement of data that the computing system and write the rightcommand is configured to leave in place even after the informationrepresented by the data changes. For example, the data might represent auser's telephone number, and embodiments using an immutable datastructure may write a new record indicating a new telephone number,rather than overwrite an existing record. Thus, both the older versionand the newer version are preserved (and may be labeled as the older ornewer version) even after the value changes. Such embodiments may thenreference a most recent representation of the value for that field toeffectuate the change, rather than deleting the old instance. In someembodiments, the immutable data structure may be a tamper-evident datastructure that is computationally infeasible to modify without themodification being detectable to a party auditing the data structure.Some embodiments may implement cryptographic hash pointers describedbelow in a directed acyclic graph that make it computationallyinfeasible for a party to modify stored data without those modificationsbeing evident in virtue of inconsistent hash values elsewhere in thedata structure. Computational feasibility may depend on the use case,for example, whether economics and time available provide for certainamounts of competing resources to be brought to bear. In many cases, anoperation requiring more than 10{circumflex over ( )}128 hashes onaverage to manufacture a collision with altered data may be said to becomputationally infeasible.

In some embodiments, the process 50 may include forming nodes of adirected acyclic graph having node content that includes the document,as indicated by block 54. Forming nodes may include accessing existingnodes and inserting node content into those nodes or forming entire newdata structures by which nodes are encoded. In some embodiments, eachnode may include node content with a collection of attributes, which insome cases may include a pointer to another node. In some embodiments,those node attributes may include a pointer that is an identifier of anadjacent node in the directed acyclic graph and a cryptographic hashvalue based upon one or more attributes of the adjacent node that isidentified. In some embodiments, these last two pair of attributes (anidentifier of another node and cryptographic hash value of at least someof that node's content) may correspond to a cryptographic hash pointerfrom one node to another. Cryptographic hash pointers may define edgesof the graph in some embodiments. In some embodiments, an individualnode may contain zero cryptographic hash pointers (such as a leaf nodein a binary tree), a single cryptographic hash pointer (such as a linkin a block chain or linked list), a pair of cryptographic hash pointers(such as in a non-leaf node of a binary tree directed acyclic graph), orvarious other amounts of cryptographic hash pointers, for example, insplay trees or skip lists.

In some embodiments, the node attributes include an identifier of therespective node. In some embodiments, the identifier may be a segmentidentifier of the type described below, or in some cases the identifiermay be an identifier within a namespace of the directed acyclic graph,for example, a count that increments with the addition of each node. Insome embodiments, the identifier may be arranged hierarchically, forexample, indicating a block and a block chain and then a sequence ofbinary values that specify a path through a binary tree, as is used inprefix trees in some cases (e.g., the value 00101 may define a path froma root node to the left, left, right, left, and then right, with leftexpressed as 0 and right expressed as 1, in a binary tree). In someembodiments, the identifier of a node is content-based, for example, acryptographic hash value or non-cryptographic hash value based on one ormore or all of the attributes of the node, which may include hashpointers of that node.

In some embodiments, the document may be stored in a single node of thedirected acyclic graph. Or in some cases, the document may be segmentedand stored in multiple nodes, for example consistent with the techniquesdescribed below with reference to FIGS. 4 through 6 . In someembodiments, some nodes of the graph may store other documents orportions of other documents. In some embodiments, nodes may be added tothe graph over time, in some cases with groups of nodes addedsequentially. In some embodiments, attributes of nodes or blocks ofnodes (which may themselves be characterized as nodes in some cases) mayfurther include a timestamp at which the node was formed, an identifierof a tenant account or data repository where data in the note is storedin the lower-trust data store 14, a date the node was created, and thelike.

In some embodiments, groups of nodes may be added as a “block,” forinstance with each block corresponding to a binary tree having documentsstored in leaf nodes. Or blocks may be linked lists, skip lists, splaytrees, or combinations thereof, for example. In some embodiments, anindividual node may store multiple documents as attributes of that node.In some embodiments, blocks have an integer index, a block capacity, acryptographic hash value based on all of the nodes in the block (like aMerkle root), the nodes within the block, and a cryptographic hash basedon content of a previous block (e.g., based on all values in the block,based on a Merkle root of that block, or the like).

In some embodiments, forming the nodes of the directed acyclic graphincludes forming (e.g., updating or creating) a sequence of nodes alongone or more paths through the directed acyclic graph. In someembodiments, this may include calculating one or more cryptographic hashvalues to form one or more cryptographic hash pointers along this path,which in some cases may include or terminate with a node in which thedocument is stored or a portion of the document is stored, such thateach cryptographic hash pointer along the path is based on the document.

Cryptographic hash pointers may be based upon a cryptographic hashfunction which may take a plurality of inputs, such as one or more nodeattributes and produce an output of fixed size. These functions may havepre-image resistance, second pre-image resistance, and collisionresistance. Examples include an SHA-256, BLAKE, BLAKE2, SHA-1, SHA-2,and SHA-3 hash function. In some embodiments, the cryptographic hashfunction may be a one way function in which a given string of inputproduces deterministically a string of output that is relativelydifficult or impossible to reverse to determine the input from theoutput while being relatively easy to confirm that an input correspondsto the output. For example, it may be computationally infeasible toidentify a hash collision in which different instances of the inputproduce a given output. In some embodiments, the cryptographic hashfunction may implement the Merkle-Damgård construction.

In some embodiments, the cryptographic hash function may be based upon acompression function that accepts a fixed size input and produces afixed sized output with a one-way compression function. In someembodiments, because the input to the cryptographic hash function may bea variety of different sizes, the transformation may be performed in avariety of iteration and a plurality of iterations. Some embodiments maydetermine a length of input, such as a number of bytes, accepted by theone-way compression function, a length of output of the one-waycompression function and determine a difference between these twolengths. Some embodiments may then parse an input to the cryptographichash function into sequences of a size of this difference anditeratively input the parsed sequence into the one-way compressionfunction and then combine the output of that iteration with a nextportion parsed portion from the input, for example, incrementing from abeginning to an end of an input and iteratively concatenating, forexample, prepending or appending or otherwise intermingling the outputof the previous iteration of the one-way compression function with anext parsed portion of the input to the cryptographic hash function.Some embodiments may repeat this until an end of the input to thecryptographic hash function is reached (e.g., reaching a point withinsome threshold number of bytes or the last byte), as indicated by block56. In some embodiments, for example, where a plurality of inputs areapplied, some embodiments may combine these inputs in a variety ofapproaches, for example prepending or appending or otherwiseintermingling these inputs to form a string upon which these operationsmay be performed to produce a fixed sized output that is based upon theentirety of the input. The resulting directed acyclic graph may bestored in memory.

Before completing discussion of FIG. 2 , it is helpful to describe anexample of a directed acyclic graph like that used in the process ofFIG. 2 . FIG. 3 shows an example of a directed acyclic graph 70consistent with the present techniques. In some embodiments, thedirected acyclic graph 70 may include a plurality of blocks in asequence, such as blocks 72, 74, and 76, which may be arranged in alinked list, with links formed by cryptographic hash pointerscorresponding to the illustrated arrows between the illustrated blocks.In some embodiments, the block 72, 74, and 76 may be added sequentially,over time, for example as each block is completed. In the illustratedexample, the block 72 may be a most recent block, while a block 76 maybe an earliest block. In some embodiments, the cryptographic hashpointers between each of the blocks may be based upon node content inthe preceding block, and that node content may include a cryptographichash pointer based on node content in the preceding block to that block.Thus, a cryptographic hash value of the cryptographic block 72 may bebased upon each of the preceding blocks' cryptographic hash values andall content rendered tamper-evident by the data structure.

In some embodiments, each block may include a binary tree with a rootnode 80. In some embodiments, each of the arrows between blocks in thebinary trees of each of the block 72, 74, and 76 may also becryptographic hash pointers, for example, based on an identifier of thenode to which the cryptographic hash pointer points and a cryptographichash value based upon node content of that node, which may include anattribute of that node that is itself a cryptographic hash value ofanother hash pointer. Thus, in some cases, a cryptographic hash value ofa root node 80 may be based upon node content of every node of thebinary tree in each block 72, 74, or 76. In some embodiments, the node80 may include three such hash pointers, corresponding to six nodeattributes, the six attributes including three pairs of node identifiersand cryptographic hash values based on node content of those nodes. Insome embodiments, node content may further include a cryptographic hashvalue based upon each of these values, or such a cryptographic hashvalue may be stored in another node that points to that node. Theillustrated graphs are acyclic. As that term is used herein, it mayrefer to an acyclic subset of a larger cyclic graph. Thus, claims toacyclic directed graphs may not be avoided simply by adding an un-usedcycle.

In some embodiments, the binary tree structure may facilitate relativelyfast access to records within a given binary tree once a given block 72,74, or 76 is identified. In some embodiments, to expedite access tospecific blocks, some embodiments may include a skip list datastructure, for example, with another node or value within node 80 thatincludes a cryptographic hash pointer to some number of blocks earlierin the sequence, for example, to a block four positions earlier, anotherto a block eight positions earlier, another to a block 16 positionsearlier, another to a block 32 positions earlier, and so on. Someembodiments may thus, skip over some portions of the sequence of blocksto access a specified block. Three blocks 72, 74, and 76, are shown, butis expected that commercial embodiments will include substantially more,for example more than 50, more than 100, more than 500, more than athousand, or more than 10,000 blocks in a given directed acyclic graph70. In some embodiments, an earliest block 76 may include acryptographic hash pointer to a seed node 78, which may include a randomvalue (e.g., a pseudo random value) longer than 64 bytes as node contentas an attribute to provide a minimum level of entropy for eachsucceeding cryptographic hash value that points directly or indirectlyto the node 78.

In the illustrated example, the blocks 72, 74, and 76 include binarytrees with three levels of hierarchy, but embodiments are expected toinclude more, for example four levels, five levels, six levels, sevenlevels, eight levels, or more levels of hierarchy, each including twiceas many blocks as a proceeding level in the hierarchy. In someembodiments, the binary trees may be balanced binary trees, or in somecases the binary trees may be unbalanced. In some embodiments, nodes inthe binary trees below a lowest level, such as nodes 80, 84, and 86 thatare non-leaf nodes, may include node content that is based oncryptographic hash pointers but not based on node attributes in thosenodes that store content of documents, or in some cases documents mayalso be stored in these nodes. In some embodiments, content ofdocuments, such as documents themselves or portions of documents may bestored in attributes of node content of leaf nodes 88, 90, 92, and 94,such as an individual one of these leaf nodes in some cases. Thus, forexample a given document stored in leaf node 90 as an attribute in nodecontent of leaf node 90 may cause a cryptographic hash value in acryptographic hash pointer of nodes 84 and 80 to be based upon thatdocument. As a result, a modification to the document stored in node 90may cause the cryptographic hash pointers in nodes 80 and 84 to beinconsistent with that document, as cryptographically hashing themodified document is not expected to yield the same cryptographic hashvalue in the cryptographic hash pointers of these nodes 80 and 94. Insome embodiments, this verification operation may be repeated along asequence in a path of such nodes connected by cryptographic hashpointers, in some cases from or to any leaf node up to a most recentroot node added to the directed acyclic graph 70, thereby relativelygranularly identifying a node with data from a workload application thathas been modified and relatively reliably making that data tamperevident due to the computational infeasibility of crafting hashcollisions consistent with the modification to the data along the path.In some cases, leaf nodes may be arranged based on the content, e.g.,with each leaf node from left to right storing a range of values, oreach leaf node storing up to a threshold amount of data arrangedalphabetically, temporally, or in some other arrangement.

In the illustrated directed acyclic graph 70, a sequence of binary treesare shown, but embodiments are consistent with other types of directedacyclic graphs. In some embodiments, the directed acyclic graph is agraph with no unconnected sub graphs. In some embodiments, the directedacyclic graph is a single binary tree, or in some cases the directedacyclic graph is a splay tree of binary trees or a binary tree of splaytrees. In some embodiments, the directed acyclic graph includes a skiplist of splay trees or binary trees. In some embodiments, the directedacyclic graph includes a binary tree of skip lists or splay trees orlinked lists. (Some embodiments may facilitate re-arrangement of treesand other structures to facilitate faster access with abstractcryptographic hash functions described below, or hash pointers may berecalculated upon restructuring).

Thus, the directed acyclic graph 70 may include a plurality of nodes,some of which have node content that includes cryptographic hashpointers correspond to edges in the directed acyclic graph 70, and someof which includes node content that includes as attributes workloadapplication data that is secured by the directed acyclic graph 70.

In some embodiments, the directed acyclic graph 70 may take the form ofa distributed ledger, such as a block chain having a linked list ofblocks, with each block including a Merkel tree having a Merkel rootthat serves as a node attribute of the respective block, and subsequentblocks having node attributes that include cryptographic hash valuesbased on the Merkel root of each proceeding block.

In some embodiments, adding nodes or collections of nodes, such asblocks, to the directed acyclic graph 70 may be implemented in aun-trusted computing environment by un-trusted computing devices, insome cases based on a consensus protocol (like Paxos, Raft, or others)in which different computing devices perform or demonstrate some proofof something that is difficult to consolidate, such as proof of work orproof of storage, for instance, by calculating a hash collision to athreshold number of prefix or suffix digits of a cryptographic hashvalue. In some embodiments, a collection of untrusted computing devicesmay execute a consensus algorithm to determine whether blocks should beadded or are valid, for example. Or to expedite operations, someembodiments may avoid the overhead associated with proof of work orstorage techniques by executing within an environment in which morecontrol is exercised over the hardware that performs the operationsdescribed herein.

It should be emphasized that a data structure need not be labeled as agraph or as having nodes or edges in program code to constitute a graph,as long as the data structure includes linking between data elementspresent in a graph. In some cases, graphs may be encoded as a list oflinks between data elements, for example, in a key-value pair, or in ahierarchical data structure, such as in a hierarchical dataserialization format, like JOSN or XML. Graphs may also be encoded asrelationships in a relational database. Further, multiple datastructures, such as different graphs, may be overlaid on one another,for example in the manner described below, while still preserving theexistence of the distinct graphs.

In some embodiments, each of the above-described storage compute nodes26 may store one or more instances of a directed acyclic graph 70 likethat shown in FIG. 3 . In some embodiments, a given directed acyclicgraph may be replicated in multiple instances on multiple storagecompute nodes 26, for example, in multiple data centers 24. In somecases, an odd number of replicated instances may be stored. When readingdata back, some embodiments may implement a consensus protocol todetermine an authoritative copy, for example identifying a version of adocument returned by a plurality or a majority of the replicatedinstances following a read operation like that described below.

In some embodiments, a given directed acyclic graph 70, which may bereplicated in multiple instances, may store data from a single workloadapplication from a single tenant, and in some cases a subset of datafrom a single workload application, or data may be mixed. In someembodiments, a given directed acyclic graph may store data from multipleapplications of a given tenant. In some embodiments, a given directedacyclic graph may store data from multiple tenants, depending upon theimplementation.

In some embodiments, as data is accumulated, when the directed acyclicgraph 70 exceeds a threshold size, a new directed acyclic graph may beinstantiated, for example, using a cryptographic hash value of a rootnode of a last block added to a previous directed acyclic graph as aseed value 78 in a seed node.

Thus, FIG. 3 shows an example of a directed acyclic graph in whichdocuments stored with the process of FIG. 2 may be stored in atamper-evident fashion in an immutable data structure. As the documentis a revised, new records may be added with new versions of the documentto the data structure 70, and pointers to a most recent version of thedocument may be updated, for example, in the lower-trust database 14 toreference those newer versions. In some embodiments, these pointers mayimplement techniques described below by which pointers are substitutedfor records in a data store. In some embodiments, those pointers maypoint to an individual node in an individual directed acyclic graph. Insome embodiments, the pointers are node identifiers or the belowdescribed segment identifiers.

In some embodiments, the translator 20 described above may maintain inmemory an index that maps pointers to uniform resource identifiers ofstorage compute nodes 26 and directed acyclic graphs maintained by thestorage compute nodes, and in some cases, the DNS 18 may map thoseuniform resource identifiers to Internet Protocol addresses and portnumbers of the corresponding storage compute nodes 26. Thus, after adocument is written to the directed acyclic graph 70, a pointer, such asa node identifier that distinguishes that node from among all othernodes accessible to a given application, tenant, or all tenants, may bestored in the lower-trust database 14 or other data store in place ofthe document.

In some embodiments, the directed acyclic graph 70 may be periodicallyverified for internal consistency to detect instances of tampering withdocuments. Some embodiments may recalculate cryptographic pointers alongvarious paths, for example, each time a new document or other record isadded to the directed acyclic graph 70, for example, each time a newblock is added. Upon detecting a path in which the cryptographic hashpointers do not correspond to a document or other node content in thatpath, some embodiments may designate that document or other values ashaving been modified. Some embodiments may further emit an alarm, e.g.,send an email, send a text message, and suspend various user accounts,such as users that have access the document responsive to detectingtampering. To detect tampering, some embodiments may recalculate thecryptographic hash values for each cryptographic hash pointer along eachpath to each document and determine whether the recalculatecryptographic hash values match those stored as node attributes of nodesstoring the respective cryptographic hash pointers. Thus, if a givendocument, for example in node 90 of block 72 is tampered with afterstorage, the cryptographic hash pointer from block 84 to block 90 willnot match the stored cryptographic hash value in the node attribute ofnode 84, nor will the cryptographic hash pointer from block 80 to block84 match the stored value in the node 80. Further, if additional blockswere added subsequent to block 72, the cryptographic hash pointersbetween blocks subsequent to block 72 will also fail to match, therebyproviding a traceable path from a most current node back to a node inwhich the node content was tampered with by an attacker. In someembodiments, these verification operations may be performed each time anode is written, each time a block is written, periodically, likehourly, daily, or weekly, or each time a read operation is performed.

FIG. 2 further includes operations by which a document may be read backfrom the secure distributed storage 16. In some embodiments, theoperations of process 50 may include receiving a read command requestingthat the document be retrieved from the immutable data structure, asindicated by block 60. In some cases, the read command may be receivedafter the write command, e.g., substantially later, for instance morethan an hour, day, or week later. In some cases, the read command may bereceived after multiple write commands for the same document in whichdifferent versions are written to different nodes in different blocks,and in some cases to different directed acyclic graphs like thosedescribed above with reference to FIG. 3 . In some embodiments, the readcommand may reference an identifier of a document that indicates a mostcurrent version of the document is to be retrieved, or in some cases theread command may reference a particular version of the document. In somecases, receiving the read command may cause the security driver 30 toaccess the lower-trust database 14 or other lower-trust data store andretrieve a pointer to a node or sequence of nodes in which the specifieddocument is stored. As noted above, in some cases the pointer may be avalue that maps to a uniform resource identifier that the DNS 18 maps toan Internet Protocol address and port number where the correspondingnode is stored in a corresponding directed acyclic graph.

Next, some embodiments may access one or more nodes of the directedacyclic graph to retrieve the document, as indicated by block 62. Insome cases, this may include sending a pointer to a node at which atleast part of the document is stored to the translator 20, accessing auniform resource identifier of a directed acyclic graph in which thenode resides in an index stored by the translator 20, converting theuniform resource identifier to an Internet Protocol address and portnumber pair with the DNS 18, requesting the corresponding node from thestorage compute node 26 hosting the specified directed acyclic graph atthe Internet Protocol address and port number, and returning therequested document to the requesting application 28.

Further in some cases, accessed documents may be verified. For example,some embodiments may recalculate cryptographic hash values based on thedocument along a path from a most current node of the directed acyclicgraph back to the document (or a subset thereof) and determine whetherany calculated cryptographic hash values do not match those stored inthe respective nodes of the directed acyclic graph, as indicated byblock 64.

For clarity of terminology, it should be noted that the storage computenodes 26 refer to computing entities (e.g., a service topology), whilethe nodes of the directed acyclic graph 70 refer to elements of a datastructure.

Embodiments may determine whether these calculated values are internallyconsistent, as indicated by block 66. This may include determiningwhether calculated values match those stored in the node pointers of thedirected acyclic graph 70. Upon determining that the values match, someembodiments may return the requested document, as indicated by block 69.Upon determining that the values do not match, some embodiments mayindicate that the document has been modified, as indicated by block 68.Thus, an entity retrieving the document may have some confidence thatthe document has not been tampered with. Further, because someembodiments store the document in the nodes, the document may beretrieved relatively quickly (e.g., within 200 ms, 100 ms, or 50 ms),even when storing relatively large amounts of data, e.g., more than 100GB or more than 10 TB. Though embodiments are not limited to systemsaffording these benefits, as independently useful techniques aredescribed, which is not to suggest that any other description islimiting.

In some embodiments, documents or other values written to the securedistributed storage 16 in nodes of directed acyclic graphs 70 may besubject to various types of encoding prior to write operations. In someembodiments, data may be encoded with redundant information such that ifsome of the data is modified before writing or after writing, theencoding reveals errors and in some cases provides enough redundantinformation that data may be recovered. For example, some embodimentsmay encode the data with Hamming codes or Turbo codes such that if asubset of the data is lost, the document may be reconstructed based onredundant information in another part of the document. In anotherexample, data may be compressed, for example, with entropy coding tofacilitate reduced use of bandwidth and faster retrieval. In someembodiments, sequences of values in a document may be analyzed toidentify frequencies with which sequences occur, and those sequences maybe mapped to a dictionary in which relatively frequent characters arerepresented with relatively short values, while longer less frequentsequences are mapped to longer values. The mapping and dictionary maythen be stored in the secure distributed storage in a compressed format.In some embodiments, after compression, some embodiments may encrypt thedata as well, for example, with a symmetric encryption algorithm inwhich keys are maintained by the client computing device 12, forinstance, by XOR'ing the document with a random string that serves asthe symmetric key. In some cases, the symmetric key may be stored in thedistributed storage 16 in the manner described above.

Fragmenting Data for the Purposes of Persistent Storage Across MultipleImmutable Data Structures

As noted above, traditional databases do not adequately protect againstthreat actors or internal resources (employees, information-technologystaff, etc.) tampering with the data. Data residing in singular logicalspaces presents an easy target for threat actors. Once the computingdevice upon which the data is stored is compromised, the entirety of thedata is potentially at risk. Similar problems arise when a singlecomputing device controls access to all other computing devices indistributed master-slave architectures, as once the master-device iscompromised, data on other devices is potentially exposed.

Techniques exist for storing data in a distributed form in apeer-to-peer network, but such systems often present other problems.Examples include various systems built around the BitTorrent protocol.These systems often operate without a central authority to becompromised. But in these systems, when or if the data is altered(potentially for the purposes of hiding or obfuscating changes), thereis no recourse or method to detect these changes. Further, manydistributed peer-to-peer storage networks, like many implementing theBitTorrent protocol, maintain full copies of files (or other BLOBs) ateach peer, potentially leaving the full file open to inspection by anuntrusted party.

To mitigate these issues and others, in some embodiments, when writingdata, a component referred to as an “arbiter” (which may be a piece ofmiddleware and may be implemented in the translator 20) may be capableof taking as an input a fully formed datum (e.g., a unit of content,like a document or value in a database), starting from the last byte ofthe data, fragmenting that data into N pieces (where N is an integerlarger than 1, and in many commercially relevant cases larger than 5 or10, and in some cases can be relative to the size of the initial data),and placing each piece on a physically (or virtually) separateblockchain-backed storage data structures, with each piece containingpointers to the next storage location of the fragmented data. In someembodiments, the arbiter (or other middleware) then returns the TXID (orother node identifier) of the last written fragment (the first byte) tothe application which requested the fragmenting of the data.

When an application or resource requests the reassembly of fragmenteddata, an arbiter (or other piece of middleware) is supplied with theTXID (or other node identifier) of the first byte of the data, in someembodiments. After reading the first byte, in some embodiments, thearbiter or middleware then reads the subsequent pointers until a nullcharacter or end of sequence character is read. Once all of the pieceshave been read into memory, the arbiter or middleware respond to theapplication with the resultant unfragmented datum.

In some embodiments, other data structures, such as files or databasescan be used to store the fragments. Additionally, some embodimentspre-process the data and count the number of pieces that are requiredfrom the beginning before fragmenting the data.

An additional enhancement in some embodiments is the fragmenting of thedata into tree-like structures instead of list-like structures, which,during read operations, are expected to accommodate concurrency andreduce operation time.

In some embodiments, when reading or writing scattered data, theexecution operation along with other meta-meta data such as usercredentials may be written to an ‘auxiliary’ chain for the purposes ofauditing access to scattered data.

Advantageously, the blockchain data structures may impede or preventmodification of the stored data fragments. Further, some embodiments maystore the data with some redundancy across fragments, e.g., with Hammingcodes or Turbo codes, such that even if one blockchain is compromised,fragments from other changes would be inconsistent with modified dataand signal the compromise. Fragmenting the data is expected tofacilitation concurrent data validation on the different chains, therebyexpediting read operations in some embodiments. Further, fragmenting thedata is expected to make the data more robust to attacks on individualpeer machines, as even if a peer machine is compromised, only arelatively small fragment is at risk. That said, not all embodimentsprovide these benefits, as multiple independently useful inventions aredescribed, and various engineering and cost tradeoffs may result inperformance advantages in one aspect being deployed to improve anotheraspect, e.g., using faster algorithms to accommodate slower, cheaperhardware.

To implement these techniques and others, some embodiments may execute aprocess 100 shown in FIG. 4 to fragment documents and distribute thefragments across multiple storage compute nodes 26 having multiple,different directed acyclic graphs, in some cases with each of thosedirected acyclic graphs being replicated on multiple storage computenodes. In some embodiments, the data being stored may be individualvalues and individual fields having individual portions of records of adatabase, such as a value at a given row and column position in a giventable. In some cases, the data being stored as a unit may includemetadata, like a primary key, table identifier, database identifier, andtenant identifier. In some embodiments, the data being stored may be adocument like those described above that is larger than an individualvalue.

In some embodiments, the process 100 may include receiving a writerequest to write values to a database, as indicated by block 102. Insome embodiments, this operation may be performed by the security driver30 described above. In some embodiments, the write request may be arequest to write a value with a structured query language statement tothe low-trust database 14, or a request to write to a file in a filesystem. Or in some cases, the values subject to subsequent operationsmay be values already stored in a lower-trust database 14 or filesystem, for example, values processed during an installation process bywhich a lower-trust database 14 is secured by moving data into thesecure distributed storage 16 described above.

Next, some embodiments may classify values as higher or lower security,as indicated by block 104. For example, a write request may specify thata given record is to be added to a new row in a table, and that recordmay specify a tuple in which values are assigned to each of severalfields, each corresponding to different columns in the table. In somecases, some of those fields may be lower-security, while other fieldsmay be higher-security. In some embodiments, the security driver 30 mayinclude a table that maps table/field combinations to securitydesignations, for example, binary values indicating whether the valuesare lower or higher security values. Or some embodiments may use theother types of data security policies described below. For example, aSocial Security number field may be a higher-security value, while ausername in a public-facing account may be a lower-security value. Inanother example, credit card information like a credit card number maybe a higher-security value, while a ZIP Code in a mailing address may bea lower-security value.

Next, some embodiments may cause the database to store thelower-security values, as indicated by block 106. In some cases, thisoperation may include modifying a SQL statement or other databasecommand received by the security driver 30 from the application 28 andproviding the modified command to the database driver 32. For example,some embodiments may modify portions of the received command that wouldotherwise specify that the higher-security values are to be written tothe lower-trust database 14. In some cases, the modification takes theform of modifying the values themselves rather than reserved terms inthe command, such that modified values are written to the lower-trustdatabase 14 in the positions that the corresponding higher-securityvalues were going to otherwise be written by the application 28 (therebymaintaining relationships stored in the database). Or pointers may bewritten to directories in a file system in place of files or otherdocuments. For example, some embodiments may cause node identifiers orother pointers to nodes to be written, for example, identifiers ofsegments of the data to be written that are formed in operationsdescribed below, like a first segment.

Next, some embodiments may determine whether there are morehigher-security values that were identified to process, as indicated byblock 108. In some cases, some embodiments may iterate through each ofthe higher-security values, or process some or all of thehigher-security values concurrently, and operation 108 may determinewhether the full set has been processed. Upon determining that all ofthe higher-security values that were classified have been processed,some embodiments may return to block 102 and wait for a next writerequest. Alternatively, some embodiments may select a next value that ishigher security, as indicated by block 110, for subsequent operations.

Next, some embodiments may segment the current value into a plurality ofsegments, as indicated by block 112. As noted above, the current valuein some cases may be an individual value for an individual field of anindividual row of a database, or in some cases the value may includeadditional information, such as an entire row, or a value thatassociates a value in the database with a table and primary key for thatrow. Or in some cases, the value may be a document like that describedabove that may include additional data.

Next, some embodiments may segment the current value into a plurality ofsegments, as indicated by block 112. In some cases, the value may besegmented by character position in the sequence or byte position in asequence of bytes, for example, segmenting each sequential byte in aserialized representation of the value or each sequential four bytes. Insome embodiments, segmenting may include segmenting with the entropycoding techniques described above. For example, some embodiments maysegment according to a dictionary coding in an entropy coding of thevalue, for example, with each dictionary entry corresponding to adifferent segment. In another example, segmenting may include anoperation that breaks up the value into multiple segments that eachcontain nonconsecutive portions of the value, for example, placing everyfifth byte into a first segment starting with a first byte, placingevery fifth byte in a second segment starting with a second byte,placing every fifth byte in a third segment starting with a third byte,and so on. In some embodiments, values may be segmented into a specifiednumber of segments, for example, dividing the value into fourths, suchthat one fourth of the bytes by which the value is encoded go into afirst segment, one fourth into a second segment, one fourth into a thirdsegment, and one fourth into the fourth segment.

In some embodiments, values may be segmented with techniques fromnetwork coding (e.g., linear network coding) such that resultingsegments are combined in a bit-wise operation to reconstruct the value.For instance, a given value 64 bytes long may be segmented into two 64byte segments that when combined in a bit-wise XOR operation produce theoriginal value. In some embodiments, some of the segments may containredundant information relative to other segments. For example, someembodiments may encode data before segmenting or during segmenting withHamming codes or Turbo codes, such that if two of three consecutivesegments are available, the information and the other segment can bere-created, or such coding may be applied with less redundantinformation such that errors in one segment render that segmentinconsistent with the redundant information in an adjacent consecutivesegment. In some embodiments, the segments may be represented as asequence or in some cases, the segments may be represented in other datastructures. For example in some cases, the segments may be representedas a collection of paths through a prefix tree.

Next, some embodiments may cause the database, such as the lower-trustdatabase 14, to store a pointer to a first segment, as indicated byblock 114. In some cases, this operation may further include causing arecord to be added to an index maintained by the translator 20 thatassociates that pointer, which may be a unique segment identifier, whichin some cases may be an identifier of an individual node in a datastructure like that directed acyclic graphs 70 described above, or anindividual attribute of a node in that data structure, with an addressof the directed acyclic graph. In some cases, the association may bewith a plurality of addresses each corresponding to a differentreplicated instance of the directed acyclic graph, such as a pluralityof different uniform resource identifiers that are mapped by the DNS 18to Internet protocol addresses and port numbers of the correspondingstorage compute nodes 26 storing those different instances of thedirected acyclic graph and in some cases performing the above-describedoperations by which nodes are formed and data is verified. In someembodiments, causing the database to store a pointer to the firstsegment may include performing the above-described operations by which awrite command received from the application 28 is modified to replacethe higher higher-security values with the pointers before providingthat command to the database driver 32.

Some embodiments may iterate through each of the segments, causing eachof the segments to be stored and determining in each iteration whetherthere are more segments to process, as indicated by block 116. Upondetermining that there are more segments for a given value to beprocessed, some embodiments may select a next segment, as indicated byblock 118. Some embodiments may then select a computing device, such asa computing device executing one of the above-described storage computenodes 26, to store the current segment, as indicated by block 120. Insome cases, a list of the storage compute nodes 26 may be maintained ina circular linked list, and some embodiments may maintain a pointer thatis advanced with each storage operation, causing the pointer to cyclethrough the list, and using the pointed-to storage node to store thecurrent segment. Or some embodiments may select storage compute nodes26, for example, with a random number or with a pseudorandom valuegenerator, such as a linear shift register. In some embodiments, storagecompute nodes to store a given segment may be selected based on a uniqueidentifier assigned to the segment. In some embodiments, the uniqueidentifier may be a hash value based on content of the segment, and aprefix or suffix of the hash may uniquely identify one of the storagecompute nodes 26. In some embodiments, such a prefix or suffix mayuniquely identify a directed acyclic graph 70, which may be replicatedon multiple stores compute nodes. In some embodiments, the content ofthe segment itself may be hashed, and a prefix or suffix may specify oneof the above-describe storage compute nodes 26 or an instance of adirected acyclic graph that may be replicated on multiple stores computenodes 26. For example, 64 different directed acyclic graphs may bemaintained, each replicated three times, and a trailing six digits of abinary representation of a hash of the content of the segment mayspecify a value that ranges between zero and 63, and that value mayserve as an identifier of one of the directed acyclic graphs to whichthat segment is to be stored. In some embodiments, selecting a directedacyclic graph may cause one or more, such as three, computing devices tobe selected, those being the computing devices that store and maintainthe corresponding directed acyclic graph.

Next, some embodiments may instruct the selected computing device tostore the segment in memory in association with a pointer to a previoussegment, as indicated by block 122 (except for a first-segment, whichmay not have a pointer to a previous segment). In some embodiments, thismay include the above-described translator 20 sending instruction toeach of an odd numbered set of storage compute nodes 26 replicating oneof the directed acyclic graphs 70 to form a node in which the segmentcontent and the pointer serve as one or more attributes of that node,such as one of the above-described leaf nodes 88 through 94. In someembodiments, forming this node may further include forming cryptographichash pointers to that node through the above-described types of datastructures by which different directed acyclic graphs may be formed, forexample, through higher levels of a hierarchy in a binary tree, in somecases adding additional blocks to a linked list of blocks, each blockhaving a different binary tree and link to previous blocks according tocryptographic hash pointers like described above.

Next, some embodiments may return to determine whether there are moresegments in association with the current value. Upon determining thatthere are no more segments, some embodiments may return to block 108 anddetermine whether there are more higher-security values to process. Insome embodiments, multiple values may be processed concurrently. In someembodiments, values may be segmented from front-to-back or vice versa.

FIG. 5 shows an example of a resulting data structure 130 in which aplurality of segments are stored in different directed acyclic graphs132, 134, and 136, which in some cases may each have the features of thedirected acyclic graphs described with reference to FIG. 3 . In someembodiments, the segments of a given value may be stored in a contentgraph overlaid on each of these directed acyclic graphs 132, 134, and136, which may be characterized as a verification graphs to distinguishan overlaid content graph (and as they serve as an immutabletamper-evident log of the values of the segments in some embodiments).

In this example, the segments in the content graph 138 form a linkedlist, with a first node of the segment content graph 138 being stored ina leaf node 139 of verification graph 132, that first segment beingdesignated as node 140 in the content graph. The node 140 in the contentgraph may be stored as an attribute in node content in the node 138 ofthe verification graph, and the content node 140 may include a pointer142 to a next node in the content graph 138, which may be stored on adifferent verification graph 134. In some cases, the pointer 142 may becharacterized as an edge in the content graph 138 and may be expressedas an identifier of a node 143 in the verification graph 134 or in somecases as an identifier of an attribute in that node where multiplesegments are stored in different attributes of a given node of averification graph. In some embodiments, in the content graph 138, node140 points to another segment 144, which may then the point to anothersegment with pointer 146 in verification node 147 of verification graph136. Verification node 147 may include as node content one or moreattributes that specify a final segment in content graph 138 designatedwith element number 148. In some cases, node 148 may specify that thereare no additional nodes in the value.

As a result, even if a given malicious actor somehow compromises one ofthe verification graphs 132, 134, or 136, that attacker will only beable to access a set of segments of values and will not have access toother segments needed to complete the full value stored in thedistributed storage 16. Further, because the segments are stored in atamper-evident directed acyclic graph with the above-described hashpoint cryptographic hash pointers, evidence of tampering will not becomputationally feasible to conceal.

Thus, FIG. 5 shows a plurality of verification directed acyclic graphs132, 134, and 136, each of which may be replicated, and each of whichhas nodes that may store as node content data that encodes a contentgraph 138, which in this case is a linked list of segments, where eachsegment in sequence points to the next segment and its correspondingaddress, and in some cases attribute identifier in the underlyingverification graphs.

In this example, segments are arranged in a one-dimensional linked list,but embodiments are consistent with other arrangements of contentgraphs. For example, some segments may include pointers to multiplesubsequent segments, for example, in a skip list to facilitateconcurrent retrieval, and in some cases segments may be stored inassociation with a segment position identifier, for example, an order inwhich the segments are to be sequenced to reconstitute the segmentedvalue by the translator 20 in a read operation. In another example,segments in a content graph encoding a plurality of segments of anindividual value may be stored in a binary tree content graph, a skiplist content graph, or a combination of binary trees, linked lists, skiplists, and the like.

Three segments for a given value are shown, but embodiments are expectedto include substantially more in some cases. In some cases, binary dataencoding a single text character may be segmented, for example with agiven Unicode character being segmented into two or more segments, and agiven value yielding 10 or more or 20 or more segments, which in somecases may each be stored in different distributed acyclic graphs, whichin some cases may each be replicated multiple times, for example 3 ormore times. Thus, a given value may be stored in part on 30 differentstorage compute nodes 26. In some cases, different instances may becompared to determine an authoritative copy, e.g., selecting a storedand returned value according to a majority rule approach among thereplicated instances. In some cases, e.g., where the replicatedinstances of the graphs are on permissioned computing devices,embodiments may vote for a given value without performing a proof ofwork or proof of storage operation, or where devices storing the graphsare untrusted, some embodiments may determine consensus with a proof ofwork, storage, or stake, e.g., according to a consensus protocol, likePaxos, Raft, or the like. In some embodiments, e.g., in untrustedsystems, instances may be addressed according to Interplanetary FileSystem (IPFS) or with various distributed hash table approaches.

In the example of FIG. 5 , each of the directed acyclic graphs 132, 134,and 136 is the same type of directed acyclic graph, in this case alinked list of binary trees, where edges are formed by cryptographichash pointers. In other embodiments, a heterogeneous set of directedacyclic graphs may be combined, for example with different segmentsstored in different types of graphs. For example, an initial segment maybe stored in a binary tree, while other segments may be stored indirected acyclic graphs like those shown in FIG. 5 , for example, inlinked lists of binary trees.

FIG. 6 shows an example of a process 150 by which data may be retrievedfrom the data structure 130 of FIG. 5 or other data structures writtento with the process of FIG. 4 . In some embodiments, the process 150includes detecting an application querying a database, as indicated byblock 152. In some cases, this includes executing the security driver 30shown in FIG. 1 and receiving a read request sent to the database driver32 by the application 28 in FIG. 1 . Some embodiments further includereceiving a query response from the database, as indicated by block 154.In some embodiments, receiving the query response may occur after thedatabase driver 32 in FIG. 1 sends a query to the lower-trust database14, which may return a query response, for example, a response to a SQLstatement selecting certain records that satisfy certain criteria. Orthe response may be a document accessed in a file system. In someembodiments, the query response may be received by the database driver32, which may then send the query response to the application 28. Thisresponse may be intercepted by the security driver 30 and modified bythe security driver 30 before it is provided to the application 28. Insome embodiments, the security driver 30 may detect pointers to segmentsstored in the process of FIG. 4 , for example, in a data structure ofFIG. 5 , and send those pointers to the translator 22 be translated backinto the values that were sent to the data structure in the suit securedistributed storage 16, for example in a plurality of segments. Thus, agiven query response may include a lower-security portion of the queryresponse corresponding to values in fields that, in the process of FIG.4 , are not classified as higher-security values, and higher-securityvalues that are classified as such in the process of FIG. 4 , or atleast pointers to those values in the secure distributed storage 16. Insome embodiments, these pointers may be detected with a regularexpression configured to detect a prefix or suffix labeling the pointersas such, for example, with a sequence of reserved characters.

Thus, some embodiments may include an operation of determining whetherany pointers formed in the process of FIG. 4 are present, as indicatedby block 156, in the received query response. Upon determining that atleast some pointers are present, some embodiments may determine whetherthere are more pointers to process in the query response, as indicatedby block 158. Some embodiments may iteratively or concurrently processeach of the pointers present in the query response from the lower-trustdatabase 14 to replace those pointers with corresponding value stored inthe secure distributed storage 16, for example, in the data structure ofFIG. 5 with the process of FIG. 4 .

Upon determining that there are more pointers to process, someembodiments may select a next pointer, as indicated by block 160, andretrieve a segment and associated pointer if and associated pointer isstored in association with that segment, as indicated by block 162.Segments may be retrieved in reverse order or vice versa relative to theorder in the value that is segmented, depending on how the content graphis structured, e.g., based on the order in which the segments arewritten. In some embodiments, retrieving the segments and associatedpointers may include causing the translator 20 to access an index thatassociates pointers, for example, segment identifiers, with one or moreURLs of one or more computing devices storing a replicated instance ofone of the directed acyclic graphs 132, 134, or 136 storing the segmentto which the pointer points. In some embodiments, the index may furtheridentify, in association with the pointer, a node identifier, forexample, a block and path through a binary tree, to a specific nodestoring as node content in an attribute of that node the segment atissue and an associated pointer of present, for example if it is not thelast segment to be retrieved. In some embodiments, the translator 20 mayaccess the DNS 18 to identify an Internet Protocol address and portnumber of the secure compute node 26 maintaining the identified directedacyclic graph, or each secure storage compute node 26 storing one of areplicated instance of that directed acyclic graph. Some embodiments ofthe translator 20 may send a request to those storage compute nodes toreturn the identified segment, and the receiving storage compute nodes26 may traverse the edges specified by the cryptographic hash pointersin the corresponding directed acyclic graph along a path specified bythe request to the specified node storing the segment. Or someembodiments may navigate directly to the segment, for example, based ona node identifier that identifies an address in memory of the segmentwithout requiring traversal. In some embodiments, to expedite access,locations of nodes in memory may be stored in a binary treecorresponding to note identifier, or in a sorted list, to facilitaterelatively fast access to content of nodes.

In some embodiments, the storage compute node 26 or set of storagecompute nodes 26 replicating the directed acyclic graph, may return thespecified segment to the translator 20. In some embodiments, thetranslator 20 may receive multiple instances of the requested segment,and some embodiments may determine whether each of the segments matchone another or determine a content of the segment based on a contentreturned by a plurality or majority of the responses, thereby preventinga modification of one of the instances from affecting the authoritativecontent of the segment determined by the system. That said, not allembodiments provide this benefit, which is not to suggest that any otherfeature described herein is limiting.

Some embodiments may maintain in memory a partially or fully formedencoding of the value to which the segments belong, and some embodimentsmay concatenate the retrieved segment to a sequence of segmentsaccumulated in this value, as indicated by block 164. For example, someembodiments may prepend or append each successive retrieved segment tothis sequence of segments. Or in some big cases, the segments may comebe combined with other techniques. For example, some embodiments maycombine the segments by XOR'ing the segments to re-create the value. Theterm “concatenate” is used broadly herein to refer to each of thesedifferent operations by which information in different segments iscombined to produce the value from which the segments were taken. Insome embodiments, segments may be retrieved out of order, for example,with segments labeled with a value indicating a position in a sequence,and some embodiments may sort the segments according to this value tore-create the value from which the segments were taken.

Next, some embodiments may return to determine whether there are morepointers to process in block 158. Upon determining that there are nomore pointers to process, some embodiments may proceed to form a revisedversion of the query response, as indicated in block 166, in which thepointers are replaced with the higher-security values segmented andstored in the secure distributed storage 16, for example, in the datastructure of FIG. 5 with the process of FIG. 4 . In some embodiments,the replacement operation may be performed by the above-describedtranslator 20 or within the security driver 30. In some embodiments, therevised version of the query response may include the replacement valuesin the same position, in the same formatting as the pointers within thequery response, thereby maintaining associations between differentvalues and metadata in the query response, for example, associations inwhich records are distinguished and associations in which values areindicated as applying to particular fields in those records. In somecases, where no pointers are present, the revised version of the queryresponse may be an unaltered version of the query response, upondetermining that no pointers are present in block 156.

Next, some embodiments may provide the revised version of the queryresponse to the requesting application, as indicated by block 168. Insome cases, the revised version of the query response may be advanced bythe security driver 30 to the application 28 in FIG. 1 according to anapplication program interface of the database driver 32, such that anapplication 28 configured to interface with the database driver 32, butnot designed with the security driver 30 in mind, will transparentlyreceive the query data without needing to be reengineered to interfacewith the secure distributed storage 16.

In some embodiments, the write operations of FIG. 4 or the readoperations of FIG. 6 , or both, may be performed in different portionsof the system of FIG. 1 (or other systems) than those described. Forexample, in some cases, these operations may be performed by a databasemanagement system or a database gateway by which client devicescommunicate with the database. In some embodiments, these operations maybe performed by a dedicated appliance on a network through which clientcomputing devices access a database. In some embodiments, theseoperations may be performed entirely within a single computing device,for example, as part of a monolithic application in which the featuresof the secure distributed storage are operated within a single computingdevice, or on a single device in which the different components executein different containers or virtualized operating systems accessed via aloopback Internet protocol address.

Generation of Hash Values within a Blockchain

As noted above, blockchains generally allow for small bits ofinformation to be stored in an immutable data structure; the moment datain the chain is altered, the chain is broken and generally can no longerfunction. The most common blockchain implementation is the publiclyaccessible Bitcoin ledger (for which blockchains were designed).

However, many extant blockchain systems are not well suited for certainuse cases. Blockchains are typically immutable, and therefore once datais committed to the chain, under most circumstances it is consideredpermanent. This can lead to scalability challenges as the chain can growto be very large with no ability to reduce the size of the chain (noneof which is to suggest that systems with immutable blockchain aredisclaimed for all embodiments or are inconsistent with someimplementations).

These, and other problems, are mitigated by some embodiments of thesystem introduced above referred to below as “Docuchain.” Docuchain, insome embodiments, is a blockchain software suite for low-latency put andget operations of BLOBs. Docuchain, in some embodiments, uses animproved version of a hash function for a blockchain.

Docuchain, in some embodiments, makes use of abstract functions (a termwhich is used generically to also refer to methods and other routines)to define which properties of individual blocks are used in creating theblock hash (sometimes referred to as Merkle root). By variating theproperties that are used to construct this hash, some embodimentsincrease or decrease the ambiguity of the hash output. In someembodiments, a lambda function can be passed in to the constructor ofBlockManager, which receives a block entry as a parameter and returnsthe values to be passed into the hash function, as defined by ‘H’ in theexpression BlockManager<H,T>.

For example, if only the block's data is used in the generation of itsMerkle Root, it would be possible to remove the head of the chainwithout consequence of breaking the chain itself. Alternatively, ifsystems use the data, the position, and potentially even more specificproperties such as read/write times, the chain becomes completelyimmutable and must (in some implementations) stay intact in its entiretyin order to be functional.

Some embodiments add this degree of control by removing the in-chainscripting language component and adding the ability for the hashed valueto be controlled as part of configuration rather than part of sourcecode. In some embodiments, the hash function accepts data that is notcontingent on a block's position within a chain. In some embodiments,the hash function accepts as input only values that can be re-created inanother chain.

In other embodiments, a similar output as a result of this functionalitycould be produced by conducting a sort of refactoring on a chain. Thisoperation may include writing all of the data intended to be kept to anew chain, and then updating all referential TXIDs (or other pointerslike those described above) in any external data stores that exist.

To implement these approaches and others, some embodiments may execute aprocess 170 by which a cryptographic hash function is configured to makeit is feasible to recompose portions of directed acyclic graphs havingedges specified by cryptographic hash pointers formed with thecryptographic hash function, for example, to accommodate directedacyclic graphs that have grown larger than a threshold size and breakthose graphs into smaller portions or spawn new directed acyclic graphsthat link back to those directed acyclic graphs.

In some embodiments, the process 170 may be performed by the storagecompute nodes 26 of FIG. 1 , but is not limited to that implementation,which is not to suggest that any other description herein is limiting.Indeed, the operations of process 170 may be applied to other types ofdirected acyclic graphs having cryptographic hash pointers as edges, forexample, in block chains used for cryptocurrencies and in distributedtamper-evident ledgers used for other purposes.

In some embodiments, the process 170 includes obtaining a tamper-evidentlog, as indicated by block 172. In some embodiments, the tamper-evidentlog is one of the directed acyclic graphs discussed with reference toFIGS. 3 and 5 and may take a variety of different forms. In someembodiments, the tamper-evident log includes a sequence of nodes, orblocks that are collections of nodes, for example, each block being abinary tree of nodes. In some embodiments, the tamper-evident log mayindicate through the topology of a directed acyclic graph a sequencewith which entries in the log are added. In some embodiments, each entrymay be characterized as a node or as a block in the tamper-evident log.

Next, some embodiments may obtain a plurality of records to beprotected, as indicated by block 174. In some cases, the records may bethe segments or documents (which is not to suggest that a documentcannot be a segment) discussed above. In some cases, the records to beprotected may be obtained by the storage compute nodes 26, for example,upon being received from a translator 20 like that described withreference to FIG. 1 .

Some embodiments may iteratively or concurrently process the records anddetermine whether there are more records to process, as indicated byblock 176. Upon determining that there are no more records to process,some embodiments may return to block 174 and wait for additional recordsto process. Upon determining that there are more records to process,some embodiments may proceed to select a next record, as indicated byblock 178, among the unprocessed records.

Some embodiments may then access content of a most-recent entry of thetamper-evident log, as indicated by block 180. In some cases, themost-recent entry may be a last block written to the log or a last nodewithin a component of a block, like a leaf node or higher-level node ina binary tree in a block. In some cases, the accessed content may be oneor more attributes of the most recent entry, such as one or moreattributes of node content. In some embodiments, those attributes mayinclude those like which are described above with reference to nodes inthe directed acyclic graphs described with reference to FIGS. 3 and 5 .

Next, some embodiments may access an abstract cryptographic hashfunction, as indicated by block 182. The term “abstract” refers to aprogramming construct by which the specific implementation of a functionor method is defined by other code than that having a placeholderdesignating the function as abstract (e.g., an object, class,subroutine, or function), and in some cases certain aspects of theabstract function are defined in other code, for example in a classdefinition in an object-oriented programming language, where anon-abstract implementation of the abstract function is defined uponimplementing an object in the class. In another example, the abstractfunction may be specified as abstract by code configured to receive alambda function from a calling body of code or from a body of code thatcalls that is called by the body of code that receives the lambdafunction. In some cases, the implementation may have access to the scopeof the body of code having the reference to the abstract function, e.g.,an instance of an object in an abstract class or a method that receivesthe lambda function as a parameter.

Some embodiments may determine that an abstract cryptographic hashfunction has been accessed, for example, upon detecting the presence ofa reserved term indicating that this type of function or method has beenaccessed.

Some embodiments may then determine an implementation of the abstractcryptographic hash function, as indicated by block 184. In some cases,the implementation may be determined as part of instantiating an objectwithin an abstract class, and in some cases, the implementation may bedetermined by receiving a lambda function defined by calling code orcalled code. In some embodiments, the implementation may specify acryptographic hash algorithm, such as SHA-256 or the other examplesdescribed above, or in some cases the type of cryptographic hashfunction may be specified in the specification of the abstractcryptographic hash function, leaving other aspects of the algorithm tobe configured in the implementation. In some embodiments, theimplementation may specify which inputs are processed by thecryptographic hash function to determine an output, while the abstractrepresentation of the cryptographic hash function may not specify whichinputs are used in the implementation. Thus, a single abstractcryptographic hash function may be implemented a variety of differentways within a given body of code, for example, calling those differentways at different times in different scenarios based on differentcriteria.

In some embodiments, the implementation of the abstract cryptographichash function that is determined in block 184 may specify that certaintypes of inputs are to be used in calculating the cryptographic hashvalue output. In some embodiments, those types of inputs may be selectedamong a subset of attributes in node content accessed in block 180, suchas attributes and node content of an adjacent node of a node that is tobe added to the tamper-evident log. In some embodiments, the types ofinputs may be position-agnostic inputs, such as node attributes that donot indicate a position of the node accessed in block 180 within thetamper-evident log obtained in block 172. For example, the selectedtypes of inputs may exclude timestamps, dates, counter values thatindicate a position in a sequence that is specific to a graph, like anarray index, or the like. In some embodiments, the position-agnosticinputs that are selected may include items like attributes that specifya segments content or document content stored in the most-recent entry.In another example, the attributes of the access node content used asthe position-agnostic input to the implemented cryptographic hashfunction may include a cryptographic hash value of a cryptographic hashpointer to another node that is pointed to by the node accessed in block180, thereby preserving the benefit of chaining cryptographic hashpointers.

In some embodiments, the same implementation of the cryptographic hashfunction may be applied to calculate each cryptographic hash value ineach cryptographic hash pointer of a directed acyclic graph encoding thetamper-evident log obtained in block 172. Or in some cases, differentimplementations may be accessed at different times for differentdirected hash pointers. For example, each directed edge encoded by acryptographic hash pointer may also include a value that identifies theimplementation, for example, a value that indicates whether the edge isspecified with a position-agnostic implementation of the abstractcryptographic hash function or a position-dependent implementation, theposition-implement dependent implementation including as inputs thetypes of values described above as non-position-agnostic, for example,timestamps dates, position indices, and the like. In some embodiments,the position-agnostic implementation may be selected upon determiningthat the tamper-evident log in a given directed-acyclic graph, orportion thereof, has reached a threshold size and that a new directedacyclic graph storing subsequent entries to the tamper-evident log is tobe created, while the other cryptographic hash function implementationsthat are not that are position dependent may be used at other times. Orto simplify the code, the same position-agnostic implementation may beused for each cryptographic hash pointer.

Next, some embodiments may calculate a cryptographic hash value with theimplementation determined in block 184 based on the accessed contentfrom block 180, as indicated by block 186. In some embodiments, theprocess 170 further includes forming content of a new entry to thecamper-evident log that includes the hash value calculated in block 186and the current record selected in block 178, as indicated by block 188.In some cases, forming new content may include modifying an existingentry or creating a new entry. In some embodiments, forming content mayinclude adding values to attributes in the content of the new entry,such as attributes in the above-described nodes in the graphs of FIGS. 3and 5 . In some embodiments, the hash value in the current record may beseparately labeled as distinct attributes in the formed content, or insome cases these values may be combined, for example, with a singlecryptographic hash value based on both the accessed content from block180 and the current record. In some embodiments, the current record maybe stored remotely, while a hash digest, such as a cryptographic hashvalue based on that content may be stored in the tamper-evident logobtained in block 172. Or some embodiments may store the current recordin the log itself to expedite access in accordance with some of thetechniques described above, for example, with reference to FIGS. 2 and 3.

Next, some embodiments may prepend the new entries to the tamper-evidentlog, as indicated by block 190. In some embodiments, this may includeadding a new entry to a sequence of entries, such as to the sequence ofblocks 172, 174, and 176 in a data structure 70 of FIG. 3 . The term“prepend” does not require any particular array index or position insome programming construct, as long as the new entry is designatedimplicitly or explicitly in the tamper-evident log as being newer thanexisting entries in the tamper-evident log or otherwise older-entries.

Some embodiments may then determine whether a size of the log is greaterthan a threshold, as indicated by block 182. In some embodiments, thismay include determining whether the size of the log is greater than orequal to the threshold, a configuration also consistent with thedesignation greater than, which is used generically herein. Upondetermining that a size of the log is not greater than the threshold,some embodiments, may return to determine whether there are more recordsto process in block 176. In some embodiments, the size may be measuredby an amount of blocks, an amount of nodes, or an amount of data storedwithin the directed acyclic graph, for example, measured in megabytes.

Upon determining that a size of the log does exceed the threshold, someembodiments may proceed to split the tamper-evident log into an oldertamper-evident log and a newer tamper-evident log, as indicated by block194. In some embodiments, the split tamper-evident logs may each be ofthe same types of directed acyclic graphs, in some cases with the oldertamper-evident log being larger at the time of the split. In someembodiments, splitting may be performed by determining to not prependthe new entry or the next entry after the new entry to thetamper-evident log and instead instantiating a new directed acyclicgraph to receive a subsequent entry. In some embodiments, the older andnewer tamper-evident logs may each be of the same type (e.g., class oftopologies) and have the attributes of the directed acyclic graphsdescribed with reference to FIGS. 3 and 5 . In some embodiments, thesystem may cease adding new entries to the older tamper-evident log andcontinue adding new entries to the newer tamper-evident log until thatlog exceeds the threshold, in which case some embodiments may then splitthat newer tamper-evident log into a yet newer tamper-evident log,continuing indefinitely to grow the number of tamper-evident logs.

In some embodiments, an initial node or block in those tamper-evidentlogs may include a cryptographic hash pointer to the oldertamper-evident log, for example, a cryptographic hash value based on aroot node of a newest block of a consecutively older tamper-evident log.In some embodiments, this referenced content may be used to generate aseed value like in block 78 of FIG. 3 and may be associated with anidentifier of the older tamper-evident log. In some embodiments, thenewer tamper-evident log may be instantiated on a different storagecompute node 26 in FIG. 1 from that of the older tamper-evident log, orit may be instantiated on the same storage compute node 26.

Thus, some embodiments may reconfigure directed acyclic graphs whilemaintaining provable tamper resistance, thereby accommodatingarbitrarily large data sets.

Transparent Client Application to Arbitrate Data Storage Between Mutableand Immutable Data Repositories

As noted, in many cases, traditional databases are not sufficientlysecure. Many mainstream databases provide some level of permissioning,but oftentimes these permissions are broad and difficult to manage,which leads to the opportunity for attack and misuse. Further, mostwidely adopted databases implement transactional SQL (T-SQL) or asimilar variant. In most implementations, poor design practices andlegacy code can present vulnerabilities such as SQL injection attacks,which trick the database into returning potentially sensitive andunintended data. Additionally, there is very little auditability andpermissioning for individual cells within a table other types ofindividual table values. Moreover, most database management systems relyon a driver that lives on the database client's machine. Oftentimes,these clients are open source and easily available, making exploitationeasier. (None of this is to suggest that some embodiments may not alsobe afflicted with subsets of these problems, as several inventions aredescribed and those inventions can be used independently withoutaddressing every problem described herein.)

To address such concerns, various approaches have been implemented tosecure stored data. Examples include air-gapping the database orcarefully managing permission to access the database. Many approaches,however, are difficult to administer (e.g., using baroque permissionschemas), are slow (e.g., air-gapping), or break backward compatibilitywith expensive enterprise applications that expect a particular databasedriver interface, none of which is to suggest that any of theseapproaches are disclaimed in all embodiments.

Some embodiments mitigate some of the problems described above with aspecialized client application that is able to identify sensitive data(by column type, predefined column name, or other predefined methods).Some embodiments may capture the data as it is being transmitted to thedatabase and route sensitive data to more secure storage mechanisms,like those mentioned above. Thus, more secure, though potentiallyslightly slower, storage techniques may be reserved for the mostsensitive data, while less sensitive data may be processed with fasterand cheaper less secure storage solutions, like traditional relationaldatabases. Further, in some embodiments, the client application mayabstract away from other applications this differential routing andvariation in query formats between systems.

In some embodiments, a subset of more sensitive data may be stored byscattering the data among multiple blockchains, as described above.Similarly, when the client application detects that sensitive data isbeing queried (using the same method), the client application, in someembodiments, may take a TXID (or other pointer) as it is coming from thedatabase, send it to an arbiter instance for reassembly, confirm thatthe request has valid permissioning and if so, place the reassembleddata in place of the TXID.

Because some embodiments intercept the data in the data path, someembodiments are able to produce an additional audit log which shows allattempts to access the data, as described in greater detail below. Insome cases, these access logs can be notated with request-specificinformation such as: username, geolocation, client machine IP address,etc.

Through this approach, it is expected that other applications thatimplement traditional database drivers will require little or no scatteror blockchain-specific configuration. In some cases, the process iscompletely transparent to other legacy applications. Further,permissioning complexity may be relaxed with secure data routed todistinct, immutable, secure data structures, as access to, andmodification of, data may be readily detected.

Certain types of data are expected to be particularly amenable to usewith the present techniques. Often system-access credentials, like usernames and passwords, are particularly sensitive, as entire accounts maybe compromised if such information is subject to unauthorized access.Storing passwords on a local machine or in a database where the entirepassword is accessible in one location provides an easy target forthreat actors looking to manipulate, steal, or otherwise misuseauthentication credentials. Other examples include credit card numbers,social security numbers, or health-related data.

Some embodiments interface with blockchains as a storage data structurewith an arbiter or other piece of middleware that is capable of takingas an input the full text representation of a user credential, startingfrom the last byte of that credential, fragmenting that credential intoN pieces, and placing each piece on a physically (or virtually) separateblockchain backed storage data structure, with each piece containingpointers to the next storage locations of the fragmented credential.When an application or resource requests the reassembly of a fragmentedcredential, in some embodiments, an arbiter or piece of middleware issupplied with the location of the first byte of the credential. Afterreading the first byte, in some embodiments, the arbiter or middlewarethen reads the subsequent pointers until a null character or end ofsequence character is read. Once all of the pieces have been read intomemory, the arbiter or other middleware may respond to the applicationwith the resultant unfragmented credential. Some embodiments maypreprocess the credential and count the number of pieces that arerequired from the beginning before fragmenting the credential. Someembodiments may require that credentials yield a threshold number offragments. Some embodiments may salt fragments or credentials beforefragmentation to defeat or impair rainbow table attacks.

These and other techniques may be implemented with a process in FIG. 8 ,which shows an example of a process 200 that may be executed by a clientcomputing device to transparently retrofit an existing workloadapplication to interface with a heterogeneous mix of databases and, inparticular, with a combination of databases that includes ahigher-security database than that which the application is configuredto interface with as originally written, such as databases like thosedescribed above. It should be emphasized, though, that the presenttechniques are not limited to embodiments drawing upon the above-typesof more secure databases and, and some cases, may be used in conjunctionwith other types of databases, such as another relational database orother type of datastore, such as one that is deemed to behigher-security or lower latency than that which the applicationaccessing data is configured to interface with. In some embodiments, theprocess 200 may be executed by the above-describe security driver 30,though it should be noted that in some cases, some or all of thefunctionality may be executed in the translator 20 in a databasegateway, in a database management system, or in some other computingdevice.

Executing the process 200 in a client computing device, before dataleaves the client computing device, or upon data arriving into theclient computing device, is expected to yield certain security benefitsin some use cases, where for example, the database that the workloadapplication executing on the client computing device is configured toaccess has been compromised. In such scenarios, it is likely that anadversary may have compromised other computing devices on a network, andmerging or splitting data at the client computing device, immediatelybefore or after writing or reading respectively, is expected to reducethe attack surface of a network. That said, embodiments are not limitedto systems providing these benefits, and in some cases, these operationsmay be performed in another computing device believed to be relativelysecure on a network, which is not to suggest that any other featuredescribed herein is limiting.

In some embodiments, the process 200 may be made transparent to aworkload application executing on a client computing device, such as aservice on one host of a plurality of hosts executing different servicesin a micro-services architecture, or an application executing as amonolithic application on a single computing device. In someembodiments, the process 200 may be made transparent to that applicationby registering the process in the operating system of the clientcomputing device to appear to be the database driver that the workloadapplication is configured to access and then wrapping an applicationprogram interface of the original database driver with the operationsdescribed below. Thus, some embodiments may be responsive to the sameset of application program interface requests that a database driver isresponsive to, while providing additional functionality. Further, someembodiments may then pass modified or unmodified application programinterface exchanges between the workload application and the databasedriver. In many cases, source code of the workload application isunavailable or is expensive to modify. Thus, retrofitting existingworkload applications in a manner that does not require changes to codeof that application is expected to be particularly desirable. That said,the present techniques are also applicable in use cases in which thesource code is available for the workload application and is modified toimplement the present techniques, which again is not to suggest that anyother description is limiting.

In some embodiments, the process 200 includes registering a securitydriver that wraps a database driver, as indicated by block 202. In someembodiments, the security driver may be registered in an operatingsystem in which a workload application (e.g., application 28 above)making database access request described in subsequent operations ofprocess 200 is executed, and this operating system may also be anenvironment in which a database driver (e.g., driver 34 above) describedbelow operates. In some embodiments, as a result of the registrationoperation, when an application sends an application program interfacerequest to the database driver, that request may be received by thesecurity driver instead, and the security driver may be configured tothen communicate with the database driver as an intermediary between thedatabase driver and the application within a single operating system ona client computing device.

In some embodiments, other types of access may be handled in a similarfashion. For instance, some embodiments may wrap a filesystem driver toobtain exchanges between filesystem drivers and workload applications,e.g., operating on documents. In some cases, a file system filter drivermay be instantiated that emits events indicative of application programinterface exchanges with the filesystem driver and some embodiments mayclassify these events as pertaining to higher-security documents (ornot) and, in some cases, modify the driver behavior in response, e.g.,substituting a document stored in the secure distributed storage 16 foran access request that pertains to, e.g., a locally stored text filewith a pointer to such a document.

Some embodiments may then include receiving a first write request, asindicated by block 204. In some cases, this operation may be performedsometime after registering the security driver and may occur withrelative frequency. In some embodiments, the write request is like thosedescribed above. In some embodiments, the write request is anapplication program interface request to the database driver from theworkload application executing on the computing device. In someembodiments, the request may be to a first remote database, such as thelower-trust database 14 described above or some other data store. Insome embodiments, the first write request may specify that a set ofvalues are to be written to a set of fields in a set of records in adatabase, which may include adding new values to new fields to newrecords or modifying existing data. The first write request may beformatted in a schema specified by an application program interface ofthe database driver and may be operative to cause the database driver torespond regardless of whether the registration step of block 202 hasoccurred, though the application may then proceed to operate in a lesssecure fashion in some cases as a result of omitting operations from thesecurity driver.

Next, some embodiments may obtain a data policy, as indicated by block206. In some cases, the security driver 30 may maintain in memory a setof one or more policies that each include a set of rules, such as apolicy for each application or each lower-trust database 14.

Some embodiments may include classifying values to be written ashigher-security values or lower-security values, as indicated by block208. In some cases, this operation may include selecting one or morerules from one or more data policies, for example, based on anapplication writing data, a lower-trust database receiving the data orintended to receive the data, or other criteria. Some embodiments mayinclude applying one or more of the above-described rules to each valuein the write request to classify that value as higher-security orlower-security.

In some embodiments, the rules may each include one or more criteria bywhich data being written to a database is classified as lower-securitydata or higher-security data. In some cases, these rules may includerules that designate certain types of fields as lower-security orhigher-security, such as text fields versus integer fields, or fieldswithin a specified pattern. In some embodiments, the criteria mayexplicitly list higher-security fields and lower-security fields, anddata may be classified as higher-security or lower-security in virtue ofa write request attempting to place data into these fields. In someembodiments, the criteria may apply a regular expression to a fieldidentifier, such as a field name to determine whether values within thatfield are higher-security or lower-security. In some embodiments, therules may apply to the content of values being written, such that somevalues in a given field may be higher-security, while other valueswithin that given field may be lower-security. For example, somecriteria may include a regular expression that pattern matches againstthe content of values to determine whether those values arehigher-security or lower-security, for instance, designating values thathave a format consistent with a phone number, credit card number, orSocial Security number, regardless of the field in which they belong, ashigher security.

Next, some embodiments may store the lower-security values in the firstremote database, as indicated by block 210. In some cases, the firstremote database may be the database that the workload application isconfigured to interface with when initially installed or off the shelf.Thus, the workload application may be configured to interface with thefirst remote data face without retrofitting. In some cases, this mayinclude writing values to the lower-trust database 14, for instance,consistent with the operations described above with reference to block106 of FIG. 4 .

Some embodiments may then store the higher-security values in a secondremote database, as indicated by block 212. In some cases, the secondremote database may be one of the above-described higher-securitydatabases, such as those hosted within the secure distributed storage 16of FIG. 1 , implementing the data structures of FIGS. 3 and 5 . Or insome cases, the secure second remote database may be another relationaldatabase or other type of database, for instance, one implementingadditional security features relative to the first remote database orsimply being isolated from the first remote database. In some cases,storing the higher-security values may include the operations describedabove with reference to FIGS. 2 and 4 .

Next, some embodiments of the security driver may cause pointers to bestored, for example, storing pointers to the higher-security values inthe first remote database, as indicated by block 214. For example, thismay include modifying the application program interface request from theworkload application to the database driver to replace higher-securityvalues with node identifiers, segment identifiers, document identifiers,or other types of identifiers like those described above, beforeadvancing the modified application program interface request to thedatabase driver. In some cases, the database driver may then translatethe application program interface request into commands and a datastream appropriate to cause the first remote database to store thepointers that identify where the corresponding values are stored in thesecond remote database.

Next, embodiments may later read data back. In some cases, this mayinclude receiving a query and then receiving a query response with thepointers included in the query response, as indicated by block 216. Insome embodiments, the query itself may be modified, for example, where acriterion in the query depends upon the content of higher-securityvalues. For example, some embodiments may select all values with amodified query; then within the security driver or the translatordescribed above, replace pointers with the corresponding valuesretrieved from the second remote database; and then apply criteria ofthe original query to those values to determine which values areresponsive to the query issued by the workload application.

In some cases, a single query from a workload application may spawn acascade of iterative, subsequent queries, for example, where joinoperations are performed, and in which data is merged from the first andsecond remote databases to determine intermediate query responses. Forexample, a workload application may request mailing addresses of allusers with a credit card number that begins with the specified sequence,and the mailing addresses and credit card numbers may be maintained indifferent tables, with the credit card numbers designated ashigher-security values, and the mailing addresses designated aslower-security values. In some cases, these two different tables may belinked by a primary key in one table that is referenced as a foreign keyin another table, and a query from a workload application may specify ajoin. Some embodiments may retrieve, for example, every record in thefirst database having pointers to values in the second database thatreflect the credit card numbers, merge those values, determine whichforeign keys in the table having mailing addresses are responsive to thequery criteria, and then issue a subsequent query to the first remotedatabase for those records. In some cases, to expedite these operations,an index may be maintained in which the pointers are associated withvalues that indicate whether the values are responsive to certaincriteria (e.g., a threshold number of prefix characters or suffixcharacters), and embodiments may access this index to identify a subsetof pointers for which values are retrieved from the secure datastore.

Some embodiments may interface with databases with the techniquesdescribed in U.S. patent application Ser. No. 16/024,792, titledREPLACING DISTINCT DATA IN A RELATIONAL DATABASE WITH A DISTINCTREFERENCE TO THAT DATA AND DISTINCT DE-REFERENCING OF DATABASE DATA,filed 30 Jun. 2018, the contents of which are hereby incorporated byreference.

In some embodiments, these operations may be expedited by assigningpointers or other types of unique identifiers that are based on thecontent of the values to which the pointers point, for example, based oncryptographic hash values based solely on the content of the values towhich the pointers point. As a result, different instances, of the samevalue, for example, in different rows or other tuples of a database maycorrespond to the same pointer. These pointers may be said to be uniqueidentifiers in the sense that they uniquely identify content, in somecases without revealing the semantic information in that content, forinstance, with the cryptographic hash identifier, while still having thesame unique identifier replicated for multiple instances of that valueappearing at multiple rows and a database, for example.

In some cases, values may be cryptographically hashed in conjunctionwith a tenant identifier (e.g., by concatenating the values with adelimiter before inputting to a hash function), such as a random stringof a certain amount of entropy, like longer than 64 bytes, so that thesame value for a given tenant consistently hashes to the same pointer,while the same value for different tenants hash to different pointers.Or in some cases, the unique identifiers may be unique between instancesas well. Thus, the same value appearing in two different rows may have adifferent unique identifier in each instance, though some embodimentsmay operate more slowly as a result. In some embodiments, the securitydriver may detect duplicate instances of a pointer when reading backdata, and cause a single request from the second remote database for asingle value to populate each of these positions held by the differentinstances of the same pointer. Thus, fields with a relatively lowcardinality may still facilitate relatively fast joints even when thosefields are designated as relatively high security, and a relativelysmall number of values may populate a relatively large number of rows.

Similar operations may be performed when writing, for example, bygrouping data classified as high security according to the value, forexample, by sorting the data and then detecting groups of instances inwhich the values are the same, or storing the data in a hash table anddetecting duplicates with hash collisions where the same values arewritten to the same index of the hash table. In these examples, someembodiments may then assign the same unique identifier to each instancein the group where this value is the same, and cause that uniqueidentifier, which may serve as a pointer, to be stored in place of thosehigher-security values in the first remote database.

Upon replacing pointers with the values from the second remote database,as indicated in block 218, some embodiments may provide a modified queryresponse to the querying application, as indicated by block 220. In someembodiments, the querying application may be a different workloadapplication from that which wrote the data, and in some cases, may be ona different computing device. In some cases, data be read multiple timesfor a given write, or data may be written multiple times before a mostrecent version of the value is read.

Immutable Logging of Access Requests to Distributed File Systems

It is becoming increasingly common to use third party off-site datastorage platforms (e.g., Dropbox™ or Google Drive™) as well as on-siteplatforms (e.g., SharePoint™, Confluence™, OwnCloud™, etc.), but inthese systems, auditing changes to these files becomes a difficult andoften impractical task. In some cases, files are stored in largecontiguous chunks that pose easy access for threat-actors, and in manycases, changes to the data do not yield a reliable record by which suchchanges may be detected. For instance, upon penetrating such a system,and making a change, a threat actor may also doctor log records or otherrecords by which a change would otherwise be detectable. (Again, none ofwhich is to suggest that such approaches are disclaimed.)

As noted above, traditional databases do not adequately protect againstthreat actors or internal resources (employees, information-technologystaff, etc.) tampering the data. To the extent such systems have auditlogs, those logs are often only as secure as the data for which accessis logged, meaning that if the data is compromised, often so is theaudit log. Some products offer “secure storage” through the use ofpassword protected folders or data storage areas, however such productsgenerally do not provide immutable and distributed properties andoften-times their audit logs can be modified, particularly by employeeswith elevated-access credentials.

As noted above, by scattering (e.g., breaking up into segments anddistributing) files into one or more blockchains, some embodiments areable to provide immutable and distributed properties to files. Further,since the files are distributed, in some embodiments, there is anapplication that reassembles the files. By making that reassemblyprocess necessary, some embodiments form a control point by which theembodiment is able to produce a blockchain-backed audit trail of everyaccess to the files (or database values or log entries) stored usingthis method.

As noted above, in some embodiments, data access is implemented in anapplication (e.g., a client-side application) that is capable oflistening to events generated by an operating system's filesystem,reading in the changes that caused the notification and reporting themto an application referred to as “an arbiter” instance for scatteringand storage in blockchains. In some embodiments, the scatter operation'sresultant TXID is what is stored in place of the actual data on theclient's filesystem, or similar approaches like those described abovemay be implemented with the security driver above.

When a read operation is requested by the filesystem, in someembodiments, the stored TXID (or other pointer) is sent to an arbiterinstance for reassembly, loaded in place and then that file's defaultapplication handler is opened with that file (e.g., in some cases, a PDFfile would generally be opened with Adobe Reader™). If the user does notdesire to have a filesystem reader placed on an entire filesystem orsubset of a filesystem (a directory), in some embodiments, a user couldscatter a file by accessing a context menu and directing the file to beplaced in ScatterFS.

Finally, in some embodiments, an application program interface (API) maybe exposed so that any third party application can pass a file-handle,buffer or other data-stream for scattering and storage.

Thus, some embodiments may distribute data among multiple computingdevices, in some cases in a peer-to-peer network hosting an immutabledistributed data structure, like a blockchain, and those embodiments maylog and store access records in another (or the same) blockchain,thereby monitoring a necessary control point to access the data andcreating an immutable record of such access attempts. It should beappreciated that the present techniques are not limited toblockchain-based distributed databases, and similar techniques arecontemplated for other distributed file systems, e.g., Network FileSystem, Self-certifying File System, Server Message Block, MapR FS,Amazon S3, and Starfish distributed file systems.

In some embodiments, logging and log analysis may be implemented with aprocess 230 shown in FIG. 9 . In some embodiments, the process 230 maybe executed at least in part by a system implementing one or more of theabove-described techniques. In some embodiments, logging may beimplemented on a computing device that serves as a chokepoint in theaggregation or disaggregation of information being stored into or readfrom a distributed data store like that described above or other typesof distributed data stores. In some embodiments, the information may bedistributed in such a way that each unit of content requires informationfrom different computing devices to be accessed (e.g., in virtue ofsegmenting or separation of encryption keys from cyphertexts), and thatinformation from different computing devices may be aggregated by acomputing device that causes logging in a tamper-evident log. Similarly,write operations may be logged by a computing device that causes theinformation to be broken up and distributed among the differentcomputing devices (e.g. with segmenting or separation of cyphertextsfrom encryption keys, or combinations thereof). Thus, in some cases,logging occurs during each access operation in virtue of logging beingeffectuated by a computing device necessary to read or write informationthat is otherwise inaccessible unless the information passes throughthat computing device that causes logging. In some embodiments, theinformation may be logged in a tamper-evident, immutable log like thatdescribed above, in some cases in the same data structures that storethe information being accessed, such as workload content like databaseentries and various types of documents in a file system. In some cases,logging may be effectuated, for example, caused by the above-describedtranslator 20 of FIG. 1 , but embodiments are not limited to thatimplementation, which is not to suggest that any other description islimiting.

In some embodiments, the process 230 includes receiving a request toaccess a distributed data store, as indicated by block 230. In someembodiments, the request may be a read request or write request. In someembodiments, the right request is accompanied with a unit of content,such as a value being displaced with a pointer in the lower-trustdatabase 14 in accordance with the above-described techniques, or adocument being replaced by a pointer in a lower-trust file system inaccordance with the above techniques, which is not to suggest thatdocuments cannot be stored in a database as values in that database orthe any other description herein is limiting. Similarly, and some cases,a read request may be accompanied with a pointer stored in a lower-trustdata store in place of the unit of content and read in accordance withthe above techniques. In some cases, the unit of content to be accessedis referenced with a pointer to a segment that serves in a first segmentin a content graft like that described above, such as a linked list ofsegments where different segments of the unit of content are distributedamong different tamper-evident directed acyclic graphs.

In some embodiments, the process 230 may include aggregating ordisaggregating units of content pertaining to the access request, asindicated by block 234. In some embodiments, this may include thesegmentation operations described above with reference to block 112 orthe joining of segments described above with reference to block 164. InFIGS. 4 and 4 , respectively. Alternatively, or additionally, this mayinclude encryption and separation for storage of cyphertexts fromencryption keys or bringing separately stored encryption keys andcyphertexts together to effectual decryption.

Before or after aggregating or disaggregating (which is not to suggestthat any other step herein is limited to the sequence described in thepresent example) some embodiments may cause logging of the accessrequest in an entry in a tamper-evident log, and logging may be causedwith a computing device participating in aggregating or disaggregatingthe units of content, as indicated by block 236. In some embodiments,logging may be caused by a computing device necessary to make the unitsof content accessible through the aggregating or disaggregating. In someembodiments, logging may be caused by the above-described translator 20,which is not to suggest that the translator 20 is required in allembodiments consistent with all of the present techniques, or that anyother description herein is limiting.

In some cases, causing logging includes selecting one or more of theabove-described directed acyclic graphs, like those discussed withreference to FIG. 5 and stored in the storage compute nodes 26 of FIG. 1. In some cases, causing logging includes sending an instruction to oneor more of those directed acyclic graphs (e.g., to a service monitoringa network socket and managing the graph responsive to such instructions)to store a record describing a logged event in the directed acyclicgraphs, for example, storing the record as a document in accordance withthe techniques described above with reference to FIGS. 2 and 3 , and insome cases fragmenting the record into multiple segments in accordancewith the techniques described above with reference to FIGS. 4 and 5 . Orin some cases, the record may be stored outside of the tamper-evidentlog, and a cryptographic hash of the record and a timestamp of therecord may be stored as node content of one of the above-describedtamper-evident directed acyclic graphs having cryptographic hashpointers as edges. In some embodiments, in virtue of these graphs,modifications to records describing log entries may be computationallyinfeasible to conceal, as the chain sequence of cryptographic hashvalues in the directed acyclic graphs based upon those records maycreate an insurmountable computational challenge to calculate hashcollisions along the entire sequence of a path through the directedacyclic graph that collides with the values produced by the originalunaltered record. (It should be noted that attributes of nodes may bestored in edges or vice versa.)

In some embodiments, the process 230 includes logging entries thatdescribe a variety of different aspects of the access request. In someembodiments, the entry is documented with a record that includes anidentifier of a user account making the access request, an identifier ofan application, such as a workload application through which the accessrequest was submitted, a content of the access request, such as acommand including content to be written or identifying units of contentto be read. Such records may further include a timestamp, such as a dateor date and time indicating when the access request was received. Therecords in some cases may include a geolocation of a computing devicesubmitting the request. In some embodiments, such records documentingentries in the tamper-evident log may further include identifiers ofcomputing devices through which the access requests were submitted tothe above-describe system, such as MAC addresses, Internet Protocoladdresses, browser fingerprints, hardware fingerprints, or the like.

Some embodiments may store the tamper-evident log in memory, asindicated by block 238, which in some cases may include adding a newentry or modifying an entry in a tamper-evident log already stored inmemory, which may be replicated in multiple instances in accordance withthe techniques described above. This may include forming part of a blockto be added at a later time to such a log, e.g., a blockchain.

Some embodiments of the process 230 may include validating thetamper-evident log, as indicated by 240. Validation may includedetermining whether the tamper-evident log indicates that logged entrieshave been modified after being logged. In some embodiments, thisoperation may include accessing a current log version of an entry andthen calculating a cryptographic hash value based on that current logentry. Some embodiments may then compare that current cryptographic hashvalue to one or more other cryptographic hash values in thetamper-evident log, for example, some embodiments may compare thatcryptographic hash value to a cryptographic hash value stored in anadjacent node in one of the above-described directed acyclic graphs todetermine whether the cryptographic hash values match or, if they do notmatch, indicate that the record was modified. In some embodiments, asequence of cryptographic hash values based upon one another may becalculated to determine which match and identify a path through adirected acyclic graph to a node where the cause of a discrepancyresides. In some embodiments, validation may occur upon each writeoperation, periodically, upon each read operation, or according to someother schedule or event.

Detectability of tampering may deter threat actors from modifying logentries or maliciously accessing data in virtue of the difficulty ofmodifying log entries in a concealable manner. Further, some embodimentsmay fragment log entries in accordance with some of the above-describetechniques, further making modifications difficult, as a heterogeneousset of different computing devices on different networks may need to becompromised to modify each segment even if a threat actor somehow wasable to compromise the mechanisms by which tampering is indicated.

In some embodiments, the process 230 includes determining whether thevalidation operation evinces tampering, as indicated by block 241, forexample indicating a mismatch between cryptographic hash values within adirected acyclic graph. Upon detecting tampering, some embodiments mayemit an alarm, as indicated by 242. In some embodiments, the alarm maybe emitted by sending an email, text message, or chat message. Someembodiments may further proceed to take certain operations to lockeddown portions of a system, for example, disabling credentials, reducinglevels of access associated with credentials, adjusting some of thebelow-described thresholds to decrease an amount of data that may beaccessed before subsequent access is slowed or blocked, or limitingaccess to lower-security data.

In some embodiments, upon determining that there is no evidence oftampering, or after emitting the alarm, some embodiments may proceed todetermine a risk metric based on access requests documented in thetamper-evident log, as indicated by block 244. Risk metrics may take avariety of different forms, and in some cases risk metrics may becalculated for a variety of different entities. For example, differentrisk metrics may be calculated for different users, workloadapplications, computing devices, or combinations thereof. In someembodiments, the risk metric may be an amount of access requestsreceived within a trailing duration of time, a total amount of accessrequests, or combination thereof. In some embodiments, the risk metricis based on deviation from previous patterns of behavior. For example,some embodiments may train a machine learning algorithm, such as ahidden Markov model, recurrent neural network, or the like, based onhistorical log events, to predict the likelihood of various types ofaccess requests (or sequences of such requests), such as to particularunits of content, types of unit of content, amounts of access requests,frequencies of access requests, or the like, for a given user, workloadapplication, computing device, portion of a network, or combinationthereof. Some embodiments may then compare these predictions based on acurrent trailing sequence of logged events with later received accessrequests and determine a risk metric based on the likelihood, forexample, a probability of the given access requests given previousbehavior. Failures of such predictive models may be evidence ofanomalous, malicious behavior. Some embodiments may use this probabilityis a risk metric or determine an aggregate of these probabilities over aplurality of risk metrics, such as a measure of central tendency, like amean, median, or mode of these probabilities over a trailing duration ornumber of access requests.

In another example, the risk metric may be based on the content of unitsof content being written. For example, some embodiments may calculate anentropy of units of content being written and compare that entropy tomeasures of entropy associated with other units of content historicallywritten to the distributed data store, for example, previous databaseentries or documents. In some embodiments, this difference may beindicative of a ransomware attack in which relatively high entropyencrypted versions of data are being written as a current version.(Though it should be noted that some implementations may use animmutable data store in which earlier values remain in place and systemsmay be rolled back to earlier values in the event of such an attack insome embodiments by replacing pointers in lower-trust storage to currentversions to be pointers to last-known good versions.)

Next, some embodiments may determine whether the risk metric exceeds orotherwise satisfies a first threshold, as indicated by block 246.Comparisons to thresholds described herein should not be limited to acomparison that depends upon the sign of the values applied, which isnot to suggest that any other description is limiting. The term“satisfies” is used generally to refer to scenarios in which onethreshold may be satisfied by exceeding (or being equal to in somecases) that threshold and an equivalent threshold in which values arewas multiplied by −1 may be satisfied by being less than (or being equalto in some cases) that threshold, or vice versa. Upon determining thatthe risk metric satisfies the first threshold, some embodiments mayblock subsequent responses to subsequent access requests, as indicatedby block 248. In some cases, blocking may be implemented by thecomputing device participating in aggregating or disaggregating theunits of content discussed above with reference to block 236.

If access is not blocked, some embodiments may compare the risk metricto a second threshold, as indicated by block 250. In some embodiments,the second threshold may be less stringent than the first threshold, forexample, corresponding to lower levels of risk. In some embodiments,upon determining that the risk metric satisfies the second threshold,some embodiments may delay subsequent responses to subsequent accessrequests, as indicated by block 252. In some embodiments, this mayinclude starting a countdown timer and determining when a designatedduration of time has elapsed before aggregating or returning units ofcontent or disaggregating and writing units of content, in some casesfor each unit of content in an access request pertaining to a pluralityof units of content. Thus, some embodiments may implement a softblocking mechanism by which functionality is provided at a certainlevel, while delaying in providing time for a human response in theevent that a scripted attack is occurring. In some embodiments, uponsatisfying the first or second thresholds in block 246 and 250, someembodiments may emit an alarm using techniques like those describedabove to facilitate investigation and, if needed human intervention.Embodiments may then return to wait for the next request to access thedistributed data store in block 232.

Storing Differentials of Files Ina Distributed Blockchain

Often, blockchain-based databases are not well suited for storage oflarge, frequently modified collections of data, like files or otherbinary blobs of data. Because of the immutable nature of blockchains,previous entries in a chain (which may represent files or values in adatabase) generally cannot be deleted or overwritten. Thus, each versionof a file can add to the size of a blockchain ledger, and where the fileis stored in the ledger and modified frequently, the size of ablockchain ledger can become too expansive to be efficiently accessed.

To combat the above-noted negative consequences of the immutableproperty of blockchains, some embodiments store only changes(differentials) of files over time, rather than entire copies of a fileat each change.

Some embodiments may receive a write request for a modified file (orother blob of data) and determine whether the data has changed from aprevious version. In some embodiments, upon reading the data initially,hash digest (e.g., a MD5 hash) of the data may be calculated and held inmemory. Upon a write, a new hash may be calculated based on the data tobe re-written to memory, and that hash may be compared to the earlierhash to determine whether the file has changed.

Upon detecting a change, some embodiments may determine a delta betweenan earlier version (e.g., a most recent version) and a current version.In some cases, the database may store a delta of an earlier change, andsome embodiments may iterate through a sequence of deltas to re-create aprevious version of a document or other file. Upon obtaining the mostrecent version, some embodiments may determine a delta with the newversion, e.g., by determining a set of longest common subsequencesbetween the versions and store the resultant diff, e.g., in unifiedformat.

In most cases, it is expected that the resultant diff will be muchsmaller than the new version of the file (or other blob). As such,storing the diff in the blockchain is expected to be lesscomputationally expensive than storing the entire new version. Further,because the file itself is ultimately stored in the blockchain (ratherthan just a hash digest), the system is expected to be more robust tovarious attacks, such as a hash collision attack. In such attacks,malicious content is selected and designed to produce the same hash asstored data, and that malicious data is substituted in the database forthe authentic data. With traditional systems, the blockchain will yielda hash value that validates the malicious content as authentic. Incontrast, some embodiments circumvent this attack vector by storing thedata committed to the database in the blockchain. Further, in contrastto systems that merely store a hash digest of a document in the chain,some embodiments offer increased control of the file (or other BLOB). Inthese older systems that only store a hash digest, the system does nothave no control of the file. Such systems could delete the file from theexternal data-store, and all that would be left with in a chain is thehash digest. That is, such systems can authenticate a file, but theycannot reproduce the file. That said, not all embodiments afford thesebenefits, as various engineering and cost tradeoffs are envisioned, andmultiple independently useful inventions are described, which is not tosuggest that any other description is limiting.

In some embodiments, the above techniques may be implemented withprocesses described below with reference to FIGS. 10 and 11 that operateupon a data structure described below with reference to FIG. 12 .

As shown in FIG. 10 , some embodiments may include a process 260 thatwrites a difference between a new version of a document and previouslystored versions of a document to a tamper-evident, immutable datarepository, such as a block chain or one of the above-described examplesof directed acyclic graphs having cryptographic hash pointers. In someembodiments, the process 260 may be executed by the above-describedsecurity driver 30 in conjunction with the above-described translators20 or by other components, for example, based on a gateway on a networkresiding between network storage or a database and a client computingdevice. In some embodiments, the process 260 may be executed by aclient-side application that wraps or otherwise interfaces between aclient-side workload application and a database driver or a filesystemdriver, for example, a file system driver executing in the sameoperating system as the workload application and the process performingthe operations of FIGS. 10 and 11 .

In some embodiments, a filesystem of a local computing device includes ahierarchy of directories having files arranged therein, for example,binary large objects with various examples of metadata, like file names,creation dates, modification dates, authors, permissions to access, andthe like. In some embodiments, these directories may be localdirectories stored on the computing device executing a workloadapplication or on a remote network attached storage device. In someembodiments, some of the files in the directories may be replaced withtext files having computer readable pointers to, for example, documentsstored with techniques like those described above, and some embodimentsmay intercept (e.g., receive directly, pass through, observe uponfiltering, etc.) read or write access requests by a filesystem explorerapplication to a filesystem driver and detect these pointers disposed inthe directories in place of the documents. Some embodiments may then, inresponse, effectuate the corresponding operations on documents stored ina tamper-evident, immutable data repository, like those described aboveor other types of remote storage. In some cases, this may includecreating new versions, updating pointers stored in the directory, andvarious other operations. Further, these techniques may similarly beapplied to database read and write operations, for example, storingdifferences between previously stored values and databases that arerelatively large and new versions of those values in databases.

In some embodiments, the process 260 includes receiving a request towrite a new version of a document to a tamper-evident, immutable datarepository, as indicated by block 262. In some embodiments, thisoperation may be performed by the above-described security driver orother client-site arbiters, for example, with the process of FIG. 8 . Insome embodiments, the request may include a designation of the documentas higher security and a pointer to a previous version of the documentstored in the client-side computer accessible directory or database. Forexample, the user may have previously read the previous version intolocal memory of the client computing device workload application,transformed the previous version, and then requested to store the newversion, causing the request to be received in the operation of block162.

Next, some embodiments may determine that the new version of thedocument is different from the previous version of the document, asindicated by block 264. In some embodiments, this may be performed byretrieving the previous versions from the tamper-evident, immutable datarepository, for example, with a read process like that described belowwith reference to FIG. 11 . Or some embodiments may expedite thisdetermination by storing outside of the tamper-evident, immutable datarepository, an index that associates pointers to documents with hashdigests of those documents. In some embodiments, the hash digest is acryptographic hash value based upon the content of the document, or anon-cryptographic hash value based upon the content of the document. Itshould be noted, that not all hash functions are cryptographic hashfunctions having the attributes described above is being exhibited bysuch functions. In some cases, non-cryptographic hash functions may befaster to compute than cryptographic hash functions, or embodiments mayuse cryptographic hash functions to enhance security. Accordingly, someembodiments may make the determination of block 264 without retrievingthe previous version of the document from the tamper-evident, immutabledata repository, for example, by calculating a new hash digest based onthe new version and comparing that new hash digest to a previouslycalculated hash digest of the previous version stored outside thetamper-evident, immutable data repository, for example, in associationwith a pointer to that previous version in an index. Upon determiningthat the hash values match, some embodiments, may terminate the process260, as the previous version may be determined to be the same as the newversion.

Alternatively, upon determining that the new version of the document isdifferent from the previous version of the document, some embodimentsmay proceed to obtain the previous version of the document from thetamper-evident, immutable data repository, as indicated by block 266. Insome embodiments, this may include retrieving the previous version withread operations, for example, like those described with reference toFIG. 11 , which in some cases may engage the processes described abovewith reference to FIGS. 2, 5, 6, and 7 .

Next, some embodiments may determine a set of changes required totransform the previous version into the new version of the document, asindicated by block 268. In some embodiments, this operation may berelatively computationally expensive and include determining a longestmatching substring between the two documents in the course ofdetermining a minimum set of changes required to transform the previousversion into the new version. In some cases, these changes may belimited to deletions, appending text (e.g., prepending or postpending),and changing values of existing text. In some embodiments, thedetermination may be made with a diff operation in which the previousversion and the new version are input into a diff function, which mayreturn the set of changes. In some embodiments, the changes may beimplemented with the Hunt-McIlroy algorithm, as described in a papertitled AN ALGORITHM FOR DIFFERENTIAL FILE COMPARISON by Hunt andMcIlroy, Bell Laboratories Computing science technical report, 1976, thecontents of which are hereby incorporated by reference.

In some cases, to expedite comparisons, each line of the two documentsmay be transformed into a hash digest of that line that is relativelyfast to operate upon, for example, converting each line with a hashfunction into a 64 bit or shorter, such as a 32 bit or shorter or 16 bitor shorter hash digest of the content of that respective line. Thus,each of the two documents may be transformed into an ordered list ofhash digests, and some embodiments may then compare the two ordered listof hash digest to identify sequences of text that are likely to have notchanged between the two versions. For example, some embodiments mayidentify a number of lines at a beginning and an end of the list wherethere are no changes. Upon detecting a line at which changes begin, someembodiments may then search forward in one list until a match is found,thereby potentially detecting insertions.

Some embodiments may then store the set of changes in thetamper-evident, immutable data repository, as indicated by block 270. Insome cases, this may include performing the operations of FIG. 2 on thedata structure of FIG. 3 to store a document, or segmenting the documentin accordance with the techniques described above with reference toFIGS. 5 and 6 and storing the document in that manner.

Some embodiments may further include storing a pointer to the previousversion of the document in association with the set of changes, asindicated by block 272. In some embodiments, the pointer to the previousversion of the document may be stored in the tamper-evident immutabledata repository as metadata to the set of changes, thereby forming anode and edge of a version graph, like that described below withreference to FIG. 12 . In some embodiments, documents may be encoded asa linked list of sets of changes with pointers between the sets ofchanges tracing back to an initial version of the document, for example,in the above-described data structures, and documents may be retrievedby retrieving each of the sets of changes and then iteratively applyingthem, as described in greater detail below with reference to FIG. 11 .

In some embodiments, an updated pointer to the newly stored set ofchanges from block 270 may be stored in the file system (or databasecell) in place of the previous pointer submitted with the request towrite the new version in block 262. Thus, a subsequent read request forthat file may identify that new pointer and retrieve the new set ofchanges and then trace back to the initial version through the previousversion, as described in greater detail below with reference to FIG. 11. Similar operations, like those described above, may be performed on avalue stored in a database, replacing a pointer in a database cell toreference the new version.

In some embodiments, version graphs may branch. For example a user mayrequest to write to a previous version of a document or to write to newversions to a previous version of the document, thereby forming parallelchange of a version graph that share a subset of their version historywith one another but then branch a part later in the version graph. Thisis expected to further compress data and increase the amount ofdocuments that can be stored in a given amount of storage in atamper-evident, immutable data repository.

FIG. 11 shows an example of a process 280 to read a document, or otherunit of content, from a tamper-evident, immutable data repositorystoring version graphs of documents as sequences of differences betweenversions of documents tracing back to initial version. In someembodiments, the process 280 may be performed in the course of obtainingthe previous version of the document in block 266 of FIG. 10 , or uponreceiving a request by workload application to access a stored document,for example, upon intercepting a request to a file system driver toaccess a document replaced with a pointer to a document stored in one ofthe above-describe data structures.

In some embodiments, the process 280 includes receiving a read requestidentifying a pointer to a most recent version of a document in atamper-evident, immutable data repository, as indicated by block 282. Insome cases, the pointer may be to a previous version, for example, upona user requesting to roll back to a previous version. In someembodiments, the read request may be intercepted with the techniquesdescribed above by which write requests are intercepted.

Next, some embodiments may read the version located by the currentpointer, as indicated by block 284, for example by performing the readoperations described above by which documents are retrieved in the datastructures of FIG. 3 or FIG. 5 , or other database entries are received.

Some embodiments may then determine whether the red version is theinitial version of the document or other unit of content, as indicatedby block 286. In some cases, an initial versions may be explicitlyflagged as such when stored, or initial versions may be implicitlydesignated as such in virtue of lacking a pointer to an earlier version.As noted above, pointers may be stored in association with subsequentversions, as discussed in reference to block 272.

Upon determining that the version retrieved was not the initial version,some embodiments may designate a pointer associated with the retrievedversion, for example, stored as metadata of the retrieved version in thetamper-evident, immutable data repository, as the current pointer, asindicated by block 288.

Next, some embodiments may add a set of changes associated with theretrieved version, for example, stored at a location or sequence oflocations in the tamper-evident, immutable data repository identified bythe current pointer, to a last in first out buffer, as indicated byblock 290. In some cases, the buffer may be characterized as a stack.Some embodiments may then return to block 284 to read the next earlierversion located by the updated current pointer in block 284.

Upon encountering an initial version in block 286, some embodiments mayproceed to block 292 and initialize a copy of the document to theinitial version, for example, setting a working copy of the document tobe equal to the initial version that was retrieved. Some embodiments maythen determine whether there are more changes in the buffer to process,indicated as indicated by block 294. In some cases, some embodiments maydetermine whether the buffer is empty or there are more values, that issets of changes, stacked in the buffer.

Some embodiments may, upon determining that there are more changes,retrieve a next set of changes from the buffer, as indicated by block296, in some cases this may include deleting that next set of changesfrom the buffer to update the buffer to reflect the next set of changesare to be applied. In some cases, this may be characterized as popping aset of changes from a stack.

Next, some embodiments may apply the next set of changes to the currentworking copy of the document, as indicated by block 298. In some cases,this may include accessing a set of deletion operations, changeoperations, and append operations. In some embodiments, these changesmay each be associated with a line number to which the change is to beapplied, a sequence with which the change is to be applied, and acontent in some cases to be applied, for example indicating replacementtext or appended text (or bits).

Some embodiments may then return to block 294 to determine whether theremore changes in the buffer. Upon reaching the end of the buffer, forexample, the bottom of the stack, some embodiments may proceed to block300 and return the copy of the document. In some cases, the copy of thedocument may be returned to a workload application configured to accessthe document, for example, based on a file system extension mapped inthe operating system to a particular workload application. In someembodiments, the read operation may be transparent to a user, and mayappear to the user as if the user is operating on a locally stored ornetwork stored copy of a document, with the user experience beingidentical or substantially identical to that experienced by a user whois not interfacing with the above-described secure distributed storage16, thereby providing higher security without imposing on users or insome cases requiring retrofits of workload applications that can beexpensive. (That said, embodiments are not limited to systems affordingthese benefits, which is not to suggest that other descriptions arelimiting.)

In some embodiments, the processes of FIGS. 10 and 11 may produce a datastructure 310 like that shown in FIG. 12 . In some embodiments, the datastructure 310 may include the verification graphs described above withreference the data structure 130 of FIG. 5 , along with the contentgraph 138 described above with reference to FIG. 5 . In this example,the content graph 138 may be a most recent stored version of a document,which may be a set of changes from an earlier version. In someembodiments, the earlier version may, for example, be an initial versionof a document, stored in another content graph 314 shown in FIG. 12 .Content graph 314 may, like content graph 138 include a sequence ofcontent nodes, such as segments, connected by pointers between thesegments, by which an initial version of a document or a set of changesassociated with a given version may be assembled during a readoperation. In some embodiments, thus, the data structure 310 may store athird overlaid graph, which may be a version graph 312. In this example,version graph 312 includes an edge 316, which may be a pointer from themost current version stored in content graph 238 to an earlier, initialversion stored in content graph 314. In some embodiments, the pointer tomay be to an initial segment of the content graph storing the earlierversion.

Simple & Complex where Clause Query in SQL Database with ReferenceValues (as a Database Driver)

Application stacks often use a database for data storage and retrieval.Such arrangements often support complex regular expressions (e.g., thosethat match to a variety of different strings) or other ‘wildcard’ typesearch over data stored in the database, like in a structured querylanguage (SQL) query. In many cases, a user may structure a query tosearch for an entire piece of data using a subset of that data, such asthe last four digits of a social security number or last four digits ofa credit card, and the user (which may alternatively be a process) maysubmit a query specifying the subset in the hope of retrieving the fullstring (or set of full strings) to which the subset corresponds.

However, in a database that has replaced plain-text data with referencesto the data (like in some of the databases describe herein, e.g., in alower-trust database 14), processes, in some cases, may have to takemany additional steps to be able to query the data, as there may be twodistinct data sets: a first data set may have the plain-text data setthat humans and applications use and, and a second data set may be thereference data set that is stored and used by the database server. Forexample, a reference data set may be stored in the a lower-trustdatabase 14 and the reference data set may reference correspondingentries of the plain-text data set within the secure distributed storage16. The entries of the plain-text data set need not be stored inplain-text, rather an entry may contain ciphertext from which theplain-text data may be derived provided appropriate credentials (e.g.,an encryption key operable to decrypt the ciphertext). The referencedata set within the lower-trust database 14, by contrast, containsinformation about locations of corresponding entries within the securedistributed storage 16, like a pointer, which may be a cryptographichash pointer. When a user or application with access to the first plaintext data set wants to query or look for data using the reference set, atranslation of data may need to occur before the query can besuccessfully processed. By way of example, if the plain text data is‘apple’, and reference is ‘abc123,’ when looking for ‘% ple,’ in somecases, embodiments may have to translate that plain text query into onethat will be successful on the database server to match ‘abc123’reference.

To address this need (or others), in some embodiments, as the query ispassed from the application through to a database server it is firstintercepted by driver software (like by a database driver 32 describedherein). Thus, for example, query processing may be implemented at, oras a component of, a database driver (e.g., like a database driver 32 ofFIG. 1 ), a translator (e.g., like a translator 20 of FIG. 1 ), agateway API (e.g., like a gateway API 510 of FIG. 15 ), a scribe (e.g.,like a scribe 505 of FIG. 15 ), or other component described herein.Moreover, the example processes discussed below may be integrated intoother processes described herein for servicing queries.

During (e.g., in response to and in the course of processing) anintercepted query, some embodiments of the process, such as whenimplemented within a database driver 32 or other component, inspect aquery to determine if any WHERE clause (in a query that is intercepted,which may be a SQL query for a relational database, an XPath query for adocument database, a JSONpath query for a document database, Cypher orother graph query languages for a graph database, or the like) or otherlookup command is both:

-   -   a. contained in the query text, and    -   b. indicates the searching is occurring on a column that has        reference set data (e.g., references values in secure        distributed storage 16).        If both a & b are true, in response, some embodiments transform        terms in the query from being a part of the plain-text set into        a corresponding reference-set.

Some embodiments of simple and complex WHERE clause queries in SQLdatabases with reference values (as a database driver) include a processincluding one or more of the following operations: receiving a queryhaving a term that specifies content that has been replaced in a firstdatabase with pointers to that content in a second database; detectingthat the term specifies content that has been replaced; translating theterm into a pointer or set of pointers that correspond to locations ofthe replaced content in the second database; and submitting the query tothe first database.

Continuing with the above example, for a simple search criteria, such ascol1=‘apple,’ some embodiments send the string ‘apple’ to a translator20 and receive in response a reference value for that word (in somecases, engaging a scatter process to return a distinct reference fordistinct data), and replace the plain-text terms in the query (e.g.,‘apple’ in this case) with the returned reference ‘abc123.’ As a result,the query the clause that results may now be expressed col1=‘abc123.’This transformed query may be sent to the lower-trust database 14, andmay be be a successful query on the database server. For instance,embodiments may seek all recipe titles in column 2 (that is lower-trust)that have as a primary ingredient “apple” in column 1 (that ishigher-trust). Embodiments may return a correct list of responsivecolumn 2 values without de-scattering and replacing every referencevalue for every row in column 1. In some embodiments, each distinctplain-text data in the set maps to a distinct reference set value (orset of values of manageable size given available computing resources).

Other cases are more complicated, such as those with wildcard operators.In the case of col2=‘%1234,’ where “%” indicates a wildcard operatorthat can be satisfied by any of a variety of characters in a set of morethan 1, embodiments are looking for values that end with ‘1234,’ and inthe plain-text set, embodiments translate that into the reference setdifferently. Some embodiments send the query term ‘%1234’ to beprocessed externally. In some embodiments, various hashing techniquesmay be utilized to generate meta-information about the plain-text anddata-stores, example of which may include but are not limited to Bloomfilters or other search data-structures. Some embodiments compile a listof potential reference set value that could satisfy the plain-text setsearch of ‘%1234’. After this set of potential references is found, itis sent back to the query and the query is modified to include thosecandidates as alternatives, e.g., col2 IN (‘abc234’, ‘abc567’,‘abc789’), where any of those reference set values map to plain-text setvalues which match the ‘%1234’. Upon replacing the corresponding term inthe query with this more complex, translated term, the lower-trustdatabase is now capable of executing the query, as the transformationhas translated all plain-text set values implicating data in the securedistributed storage 16 into their reference set equivalent.

Further, some embodiments may change col2=‘%1234’ to SELECT*from col2,and then, after translating all reference set values to plain-text set,embodiments may iterate though and match values to the original query.This adds latency, large memory requirements, and negates the purpose ofthe database server, but may be implemented where such tradeoffs areappropriate.

Replacing Distinct Data in a Relational Database with a DistinctReference to that Data (Box)

Relational databases often rely upon matching values in different tablesto ensure referential integrity of the data. These references are whatenable the JOIN operations in a relational database to properly execute,e.g., JOINing table A to table B on a value that appears in both tables.In some applications, it may be useful to replace plain-text values withreferences to those plain-text values for security reasons (forinstance, in accordance with the approaches described herein, in whichvalues in a lower-trust database 14 are replaced with references tolocations where those values are stored in a secure distributed storage16). To facilitate proper execution of the relational database, it ishelpful if the above property remains true.

Some embodiments of replacing distinct data in a relational databasewith a distinct reference to that data (box) include a process includingone or more of the following operations: determining that a value in orto be written to a first table in a first database is to be representedwith a pointer to where that value is stored in a second database;storing the pointer in the first database in place of the value, whereinthe pointer does not reveal the value; determining that the value servesor is to serve as a foreign key in a second table of the first database;and in response, storing the pointer in place of the value in the secondtable of the first database.

In some implementations discussed herein, when removing a data valuefrom a lower-trust database (e.g., lower-trust database 14) andreplacing the data value in that database with a reference to that datavalue in another, more secure storage, for security or other needs(e.g., replacing it with a pointer to where the value is stored in ahigher-trust database, like secure distributed storage 16), eachreference to distinct data is also distinct. For instance, a primary keyof the word ‘apple’ in an example Column 1 of a Table A may have aforeign key relationship on a Table B Column 3 with the word ‘apple’ asthe foreign key. When replacing ‘apple’ with a reference to ‘apple’ inTable A Col 1, embodiments may need to update all instances of the word‘apple’ in all tables with the exact same reference (or other value bywhich a logical connection may be made). Otherwise, in some cases, aJOIN between Table A and Table B will not produce any records as ‘apple’is represented (or referenced) by two different references. Without thisproperty, the relational database server may not properly relate recordsin some use cases.

In some example embodiments, processes for replacing distinct data in arelational database with a distinct reference to that data may beimplemented at, or as a component of, a database driver (e.g., like adatabase driver 32 of FIG. 1 ), a translator (e.g., like a translator 20of FIG. 1 ), a gateway API (e.g., like a gateway API 510 of FIG. 15 ), ascribe (e.g., like a scribe 505 of FIG. 15 ), or other componentdescribed herein. Moreover, the example processes discussed below may beintegrated into other processes described herein for managing databaseswith references to data in other databases.

To address this need (or others) when replacing a value or set of valuesin a database with a reference to that value, embodiments of processesimplemented by one or more components for replacing a value with areference to that value may first select (or otherwise obtain) areference value. After selecting this reference, e.g., via adeterministic one-way function or via a nondeterministic process (insome cases, the reference is a pointer to the first chunk of the brokenup data as discussed herein), embodiments may then replace the plaintext data value in a given row of a given column in a table with thereference, e.g., for each row in the given column. At this point, someembodiments may check all relationships between that column and othercolumns of the database. If foreign key references to that particularcolumn are detected, then in response, some embodiments search thoseforeign key columns and update all instances of the plain text with theidentical reference value. In some cases, this may be implemented with acommand like the following: ‘Update FK_TABLE SETFK_KEY_COLUMN=“reference string” WHERE FK_KEY_COLUMN=“plain text value”.

Some embodiments may implement application level joining. Someembodiments may replace (e.g., all) text values (i.e., text values thereveal the referent of the text) with unique references (e.g., valuesthat indicate where something is stored but do not indicate the referentof the thing that is stored) (e.g., the word ‘apple’ would be referencedby different references for each instance of ‘apple’), and someembodiments may request all data that would trigger software to replacereferences with plain-text values on the way to the application, andthen the application will loop over all data and do the relationshipJOINs at the application layer.

Related issues arise when reading data. When selecting data from adatabase that has references instead of data, such as within alower-trust database 14, in some cases, embodiments need to replace thereferences to data with the actual data before the data is usable by anapplication or human. This could be achieved by blindly looping over allreferences and making a request to get the plain text data for thatreference, such as from a location within a secure distributed storage16 specified by that reference. This naïve approach (which is not tosuggest that it or anything else is disclaimed), however, can imposelatency costs, particularly when requesting the plain-text data forredundant references, e.g., requesting and receiving a plain-text valuefor a reference, and then requesting and receiving a plain-text valuefor the same distinct reference. This causes inefficient databasequeries and leads to increased query times.

To mitigate this or other issues, when iterating over a set of databasevalues returned from a database that contain references to data, someembodiments may identify (e.g., detect) all the distinct references inthe returned data. For example, embodiments of the may identify (e.g.,detect) all the distinct references in data returned by a lower-trustdatabase 14. Next, some embodiments selectively request the plain-textdata for the district references. To this end, some embodiments mayde-dupe the references, e.g., by sorting them or storing them in acontent-addressable data structure, like a hash table or trie (such as aradix tree or prefix tree). Some embodiments may then retrieve thevalues to which the references point (the plain-text data), e.g., fromthe secure decentralized storage 16. After receiving the plain-text datareturned for the distinct references, some embodiments iterate once morethrough the data (e.g., the data that was returned by the lower-trustdatabase 14) and replace all instances of that distinct reference withthe plain-text data in the query results. This is expected to ensurethat each reference is replaced with the correct plain-text data andthat embodiments (in some cases) only request data from a distinctreference one time to reduce query response times and energy.

In some embodiments, the same reference tokens may correspond todifferent entries that have the same content for a given tenant, butthat content may produce different reference tokens for other tenants.For instance, reference tokens may be generated based on both thecontent being stored and an identifier of a tenant that distinguishesthat tenant from other tenants using the secure distributed storage 16.

In some cases, the application layer can make requests to get plain-textvalues back either distinctly or for every reference.

Number Line Sort (NLS)

Some embodiments of number line sorting include a process including oneor more of the following operations: obtaining access to a firstdatabase and second database, wherein: the first database storesrelationships between values of a plurality of fields, values of a firstsubset of the fields, and references to locations of values of a secondsubset of the fields stored in the second database, and the referencesdo not reveal the values stored in the second database at locationsindicated by the references; for a given field in the second subset,forming mapping each reference stored in the first database under thegiven field to a sort key, wherein: the sort keys are in a namespacethat indicates order of the sort keys, such that some sort keys aregreater than other sort keys in the namespace, the sort key namespace islarger than a cardinality of the given field, at least some sort keysare selected to be ordered in the namespace between: sort keys mapped toreferences that correspond to values in the second database that arelarger than a value in the second database corresponding to a referenceto be mapped to the respective sort key, and sort keys mapped toreferences that correspond to values in the second database that aresmaller than the value in the second database corresponding to thereference to be mapped to the respective sort key; receiving a queryconfigured to be applied to the first database; determining that thequery includes an operator that specifies a sort operation based on thegiven field in the second subset and, in response, reforming the queryto specify a sort operation based on the sort keys and not based onentries of stored in the first database under the given field.

For reasons discussed with reference to FIG. 1 and the example computingenvironment, it may be useful to organize data in multiple databases,such that a lower-trust database (like a lower-trust database 14) storesthe less sensitive portions of the information and relationships betweenvalues and a higher-trust database (like a decentralized data store,such as a secure distributed storage 16) separately stores moresensitive values. Pointers or other references (also called tokens insome cases) may be placed in the lower-trust database in place of thevalues (also called plain-text values in some cases) stored in thehigher-security database, so that relationships between values in thelower-trust database are maintained, information can be to retrievedbased on the pointers from the more secure database, and the sensitivevalues are concealed in the event of a breach of the lower-trustdatabase.

One consequence of this arrangement is that certain types of queriessent to the lower-trust database can be challenging, particularly whenquery results depend upon values taken by entries stored in thehigher-security database. For some types of latency-sensitive queries,it can be relatively slow, and in some cases prohibitively slow, toperform a lookup on every pointer in the lower-security database toretrieve the value reference by a pointer in order to process a query,and such arrangements in some cases can be less secure, as processeshandling sensitive values in this manner may have a larger attacksurface.

For example, some types of queries, such as some types of SQL queries,request that values be sorted, for instance, sorted according to afield, like a column, referenced in the query. In some cases, theseoperations may be invoked with, and their presence signaled by, theORDER BY operator in a query. However, when sorting according to a fieldwith values that have been replaced by pointers in the lower-trustdatabase, and when one desires to avoid retrieving the values to whichthe pointers point in order to process the query, such queries may bedefeated or otherwise impaired, as the references stored in thelower-trust database generally do not indicate ordering of the sensitivevalues to which they point. Thus, it would be useful to maintain in thelower-security portion of the system an ordered list of pointers thatare arranged in order of the values to which the pointers point. But inbuilding such a list, for some use cases, it may be important thatdifferences between values to which pointers point are not the same asdifferences between addresses or other namespace entries of thosepointers, so that information about values referenced by pointers is notleaked by the arrangement of pointers in the list.

To address this need (or others), some embodiments create a number-lineof restricted domain, such that the domain is larger than the range ofall possible values of the plain-text (i.e., the sensitive values towhich pointers point). In some cases, a cardinality of the sensitivevalues may be less than 10%, less than 1%, less than 0.1%, less than0.01%, or less than 0.00001% of a cardinality of values in the domain.Some embodiments may use an insertion-sort method to add data to thenumber line (or other set of cardinal or ordinal values), such thatinsertions correspond to a sort value that is a bi-sector between theimmediately lesser value and the immediately greater value on the numberline. This is referred to as the ‘sortvalue.’ Some embodiments maymaintain a list of pointers and their sort value, and embodiments mayreference the sort value when sorting by a field including the pointers.In some cases, embodiments may re-write queries transparently (from theperspective of a client application) process sort operations byreferencing the appropriate list of sort values rather than content of afield that has been displaced by pointers. In some cases, multiplefields in a table may have their own respective list of sort values. Insome cases, a given field may have multiple lists of sort values, eachcorresponding to a different way of ordering the entries (e.g.,numerically from first digit, numerically in reverse order within avalue from last digit, alphabetically from first character, numericallyin reverse order within a value from last character, etc.).

These techniques are illustrated by way of example in the accompanyingfigures and following sequence of tables. In some embodiments, thesetechniques may be implemented in a driver 32 or translator 20 asdiscussed herein or in other modules, for example, by a component of anAPI.

FIG. 13 is a data model diagram that shows an example of a data model bywhich data may be indexed based on a sortable value within a restricteddomain of index values without a delta-distance correspondence betweenadjacent data values at their respective adjacent index values tofacilitate obfuscation of sortable data value deltas for data valuesstored in verification graphs or other tamper-evident, immutable datarepositories in accordance with some embodiments.

FIG. 13 illustrates an example restricted domain index 400 from 0-100(e.g., real-numbers between 0 and 100). Input data, 405, may be indexedas described above, such as to the index value bi-sector between theimmediately lesser value and the immediately greater value on the numberline. Thus, for example, a first indexed value, ‘J’ may be placed at‘50’, which is the bi-sector of 0 and 100 given that no other values areindexed to data entry points 410 within the index domain. A secondindexed value, ‘X’, is greater than J within the data space, e.g.,numerical position within the alphabet, and thusly when indexed isplaced at the bi-sector of 50 and 100, i.e., ‘75’ within the restricteddomain index 400. Likewise the remaining values ‘R’ and then ‘B’ areindexed in the indicated order. Notably, a re-ordering of which theinput data values 405 are indexed may alter their corresponding dataentry point, but the order, i.e., B, J, R, X, when indexed would notchange.

FIG. 14A and FIG. 14B shows an example of a data model by which data maybe indexed based on a sortable value within a restricted domain of indexvalues without a delta-distance correspondence between adjacent datavalues at their respective adjacent index values to facilitateobfuscation of sortable data value deltas for data values stored inverification graphs or other tamper-evident, immutable data repositoriesin accordance with some embodiments.

FIG. 14A illustrates Delta-R values 420 between the data entry pointswithin the restricted domain of index values for the example input dataand ordered input of that data from FIG. 13 .

FIG. 14B illustrates Delta-D values 425 between the indexed data valueswithin the data value domain (e.g., corresponding distances within the26 character alphabet) for the example input data and ordered input ofthat data from FIG. 13 .

As can be seen, the Delta-R values 420 of entry points adjacent to agiven entry point for a data value within the restricted domain of indexvalues do not have a correspondence to the Delta-D values 425 ofadjacent data values for those entry points. For example, given datavalue J at entry point 50, the adjacent data values for B and R eachhave a Delta-D of 8 from J, but the Delta-R values of correspondingentry points for B and R are 25 and 12.5, respectively. The order,however, is the same, even though the Delta-R and Delta-D values differ.Thus, the indexed data, J, X, R, B, within the restricted domain may beordered (e.g., least to greatest or vice versa) by their respectiveentry point values, 50, 75, 62.5, 25, without divulging of information(e.g., the Delta-D between adjacent data values) pertaining to theindexed data values based on entry location.

In some embodiments, the output, e.g., the resulting index of values(e.g., values having a data domain) within a restricted domain of indexvalues by the above described algorithm, may be characterized asfollows:

Output

∀i:Δ _(R) _(i) ≠Δ_(D) _(i)AND∀i:R _(i) <R _(i+1) ∧D _(i) <D _(i+1)

The above concepts in terms of an example applicable to distributeddatabases, such as where some data stored within a lower trust database(e.g., off-block) includes a reference to data values scattered within ahigher trust distributed data store (e.g., on-block), may be furtherunderstood in reference to the following example tables and operations:

TABLE lA (Students) LastName FirstName IsScholarship Smith John YDaniels Bob N Richards Bill N

SCATTER TABLE 1 ON: LastName

Off-block table, LastName values replaced with corresponding referencesto on-block values:

TABLE 1B (Students) LastName FirstName IsScholarship sdb_a0b1c3 John Yadb_alb2c4 Bob N sdb_a5b4c3 Bill N

On-block data, scattered, TXID operable to retrieve value:

TABLE 2 (Higher Security Table) TXID Value sdb_a0b1c3 Smith adb_alb2c4Daniels sdb_a5b4c3 Richards

Here, Table 2 is indicative of the data stored according to TXID, notingthat in terms of on-block storage the values are scattered by virtue ofthe different transactions and are individually retrieved responsive tolookup by TXID. In other words, to produce Table 2, a user or processwould have to know the constituent TXIDs. As described below, the TXIDsmay be stored off-block in correspondence to other data (e.g., lesssensitive data) in a lower security database.

Off-block sort table:

TABLE 3 (Lower Security Sort Table) TXID TableSpace Sort Valuesdb_a0b1c3 Students 50 adb_a1b2c4 Students 25 sdb_a5b4c3 Students 37.5

The sort table, e.g., table 3, may reside client side, server side, orboth for servicing of queries.

Some embodiments may identify a query sorting on a scattered field basedon “ORDER BY” operator. For example, a query pertaining to Table 1Bmight request “SELECT*from Students ORDER BY LastName” on Table 1B. Thequery may be rewritten by a joining of the query Table 1B and acorresponding SortTable, such as Table 3 within a TableSpace ‘Students’,such as with a “JOIN ON” operator. For example, JOIN ON SortTable(LastName=TXID and TableSpace=‘Students’).

TABLE 4 (Result of JOIN ON Table 3, the StortTable, and Table 1B, beingsorted) Sort_ LastName FirstName IsScholarship TXID TableSpace Valuesdb_ John Y sdb_ Students 50 a0b1c3 a0b1c3 adb_ Bob N adb_ Students 25a1b2c4 a1b2c4 sdb_ Bill N sdb_ Students 37.5 a5b4c3 a5b4c3

Within resulting table, Table 4, sort by Sort_Value to effectuate ORDERBY operator.

TABLE 5 (Result of ORDER BY Sort_Value on Table 4) Sort_ LastNameFirstName IsScholarship TXID TableSpace Value adb_ Bob N adb_ Students25 a1b2c4 a1b2c4 sdb_ Bill N sdb_ Students 37.5 a5b4c3 a5b4c3 sdb_ JohnY sdb_ Students 50 a0b1c3 a0b1c3

Retrieve on-block values for “LastName” to de-scatter table and returnresponse to query.

TABLE 6 (Query Response) LastName FirstName IsScholarship Daniels Bob NRichards Bill N Smith John Y

On large scales of records where the inserts are such that the sortorders ‘cluster’ together, there might not be able enough precision leftin the sort-number to adequately reflect a new object's order. Someembodiments may detect this condition and, in response, trigger areindexing operation.

Thus, in some embodiments, by retaining an ordering of the data which isrelated only to the values that come before and after a given datum,some embodiments are able assign a ‘secure’ sort key to each token orother pointer. By using the concept of the ‘number line’(or relatednamespaces with explicit or implied ordering and substantially largercardinality than that of data being organized) some embodiments are ableto provide a relatively fast implementation within the construct of arelational database (though similar techniques may also be applied tonon-relational databases, like document databases, key-value stores, andthe like). Using a ‘linked list’ or pointer arrangement wouldpotentially result in N{circumflex over ( )}2 more queries.

Blockchain Application Programming Interface

In some embodiments, a secure distributed storage, such as a securedistributed storage 16 may be accessed (e.g., to read, analyze, or writevalues) via an application program interface (API). In some cases, thisAPI may be exposed via a translator 20 (e.g., as illustrated in FIG. 1 )or an API server (e.g., as illustrated in FIG. 15 ). In some cases, APIrequests may be sent over a network, such as a public or privatenetwork, and some API requests may be conveyed between processesexecuting on the same computing device, for instance, via a loopback IPaddress or a system call. In some cases, the API be implemented as aninterface within a given process, such as an API of a framework orlibrary.

Some embodiments of the blockchain application programming interfaceinclude a process including one or more of the following operations:receiving a record to be stored to be stored in one or more blockchainsfrom a writing client application; forming a first identifier of therecord that distinguishes the record from other records stored in theblockchain; providing the first identifier of the record to the writingclient application; determining that the record is larger than athreshold size; in response to the determination, encrypting the record,storing a resulting ciphertext in a first datastore, and adding an entryto an index that maps the first identifier to the ciphertext in thefirst datastore; storing a first part of the record in the one or moreblockchains; before storing all of the record in the one or moreblockchains, receiving a first read request from a first reading clientapplication, the first reading application being the writing clientapplication or a different client application; in response to the firstread request, accessing the ciphertext based on the entry in the indexthat maps the first identifier to the ciphertext in the first datastore,decrypting the ciphertext to access the record, and providing the recordto the first reading client application; finishing storing the record inthe one or more blockchains and, in response, updating the index to mapthe first identifier to a location of at least part of the record in theone or more blockchains and deleting a cryptographic key of theciphertext or the ciphertext; before storing all of the record in theone or more blockchains, receiving a second read request from a secondreading client application, the second reading application being thewriting client application, the first reading client application, or adifferent client application; and in response to the second readrequest, accessing the record in the blockchain based on the entry or anupdated entry in the index that maps the first identifier to thelocation of at least part of the record in the one or more blockchainsand providing the record to the second reading client application,wherein the write request, the first read request, and the second readrequest are representational state transfer application programinterface requests, and at least part of the record is streamed to thesecond reading client application before the entire record is retrievedfrom the one or more blockchains.

In some embodiments, the API is a representational state transfer (REST)API configured to convey API commands via hypertext transport protocolsecure (HTTPS). In some embodiments, such commands may include an APIbase URI corresponding to the API server, one or more paths appended tothe base URI corresponding to different resources accessed via the APIserver, and corresponding API endpoint URLs may be responsive to one ormore of a discrete set of verbs, or methods, corresponding to operationsto be performed on those resources at those endpoints, such as POST,GET, PATCH, and the like. In some cases, these operations may correspondto read or write operations, for instance in the case of POST and GET.In some cases, API commands may further include API parameters, which insome cases, may be appended to the URL as part of a query string, e.g.,as a set of key-value pairs delimited from the URL prefix with a “$” anddelimited from one another with an ampersand. In some cases, queryparameters may include an authentication credential, and embodiments mayselectively grant access to corresponding portions of the database inresponse to verifying the authentication credential.

In some embodiments, the API may expose functionality by which a varietyof different data sets are accessed, including relatively small, singlebit or single byte values, up to files or other binary large objects(BLOBs), which may be larger than 1 kB, 1 MB, 100 MB, or multi-gigabyteobjects. BLOBs may include any of a variety of different types of data,including video files, audio files, machine images, database images, tarfiles, and the like.

In some embodiments, a variety of different client applications,including third-party client applications without access to source codeby which the API is implemented, may interface with the API. Shieldingthese applications from complexity of database operations may bechallenging in some cases. In some cases, stored data may exhibit arelatively wide range of performance characteristics in virtue of theway in which the data is stored, as described herein, and someparticularly large BLOBs may exhibit relatively large latency whenretrieving values or storing values, while some smaller collections ofdata may yield operations that respond relatively quickly. Thisvariability may present issues in certain sequences of databaseoperations, for example, when a write operation is followed relativelyquickly (relative to the amount of latency in a write operation) with aread operation requesting that the data that is to be written besubsequently read. For some large BLOBs, the data being written may notyet have completed the write operation before the read request isreceived, and this (if handled with more naïve approaches—which are notdisclaimed) may impose a relatively large amount of latency on the readoperation if the process waits until the write is fully committed beforereturning values in a read. Further, waiting until the entire binarylarge object is read before providing the first byte responsive to theread request may impose unacceptable latency for some use cases, such asthose in which files are streamed (like video of audio).

In some embodiments, these issues may be mitigated with an API serverthat implement some of the described techniques. In some embodiments,the API may afford access to blockchain data via hypertext transportprotocol API requests, such as via a RESTful API. This is expected toextend the reach of blockchain data into a wide variety of different usecases, ranging from storing (and retrieving) program state for backendservices to storing and returning data to client applications, likeservicing requests from web browsers or from native applications fordata to populate user interfaces thereof.

In some embodiments, an API server may implement part of, and existwithin, the architecture illustrated in FIG. 15 , or be incorporatedinto the architecture illustrated in FIG. 1 .

FIG. 15 is a logical and physical architecture block diagram that showsan example of a computing environment in which an applicationprogramming interface may be implemented in accordance with someembodiments. Although the API is discussed at length with respect toFIG. 15 , similar principals may apply to the environment of FIG. 1 .

As noted above, blockchains, for applications in secure distributedstorage 16, generally allow for small bits of information to be storedin an immutable data structure; the moment data in the chain is altered,the chain is broken and generally can no longer function. The mostcommon blockchain implementation is the publicly accessible Bitcoinledger (for which blockchains were designed).

However, many extant blockchain systems are not well suited for certainuse cases. Blockchains are typically immutable, and therefore once datais committed to the chain, under most circumstances it is consideredpermanent. This can lead to scalability challenges as the chain can growto be very large with no ability to reduce the size of the chain (noneof which is to suggest that systems with immutable blockchain aredisclaimed for all embodiments or are inconsistent with someimplementations).

These, and other problems, are mitigated by some embodiments of thesystem introduced above referred to as “Docuchain.” Docuchain, in someembodiments, is a blockchain software suite for low-latency put and getoperations of BLOBs. Docuchain, in some embodiments, uses an improvedversion of a hash function for a blockchain. In some embodiments, thesecure distributed storage 516 illustrated in FIG. 15 is implementedwithin the context of Docuchain.

In some embodiments, writes of large BLOBs to the Docuchain Network(e.g., secure distributed storage 516) may take longer than writes toless secure data repositories, like a write to local or cloud basedpersistent storage 515, e.g., an S3 bucket in FIG. 15 . In some cases, aread request may be received before a write to the Docuchain Network iscompleted. To service these request, some embodiments may detect that awrite is for a BLOB of larger than a threshold size, e.g., 800 bytes,and in response, write an encrypted copy to the lower-latency form ofpersistent storage (e.g., an S3 bucket) and also, possibly takinglonger, write a copy to the Docuchain Network 516 with techniquesdescribed elsewhere herein. In response to receiving a read requestbefore the Docuchain write is complete, some embodiments may detect thatthe write is incomplete and, in response, service the read request byretrieving the copy of from the cache in the lower-latency persistentstorage 515. Some embodiments may retire the cache record in response tothe Docuchain write completing.

Representational State Transfer (REST) Interaction with a Blockchain forthe Purpose of Storing BLOBs

The REST design pattern for APIs provides a common set of operations fordata within the context of interacting with third party services.Because of the uniformity provided by REST, this method of exposingoperations is expected to facilitation adoption by developers.

However, blockchains are often large and specialized systems notunderstood by all developers, however REST APIs follow patterns that areexpected to ease integration. By exposing a consistent API, developerscan extend the reach of blockchain technology.

Some embodiments store large amounts of data (BLOBs). The REST APIserves as a method of abstraction to allow Docuchain to be as availableas a system like Amazon S3™.

In some embodiments, the REST API is implemented with one or morecomponents to service requests, like API requests, for which responsesto those requests include data from a secure distributed storage, like aDocuchain.

Streaming of Data (BLOBs) into a Blockchain

Streaming of data is a useful approach to handling of large files andother BLOBs. Many existing interfaces to blockchains are complex andproprietary. Additionally, those interaction protocols are oftendesigned to handle small values (<100 bytes each). Putting larger valuesover the queueing and messaging systems used to get data to and from ablockchain based repository is against best-practices and will causesignificant performance bottlenecks (which is not to suggest that theseor any other approach is disclaimed).

Some embodiments read BLOBs by streaming and seeking on a handle thatrepresents a pointer to a file. Some embodiments achieve this with thefollowing system components:

-   -   a. Data Gateway Lite 510—a light-weight layer exposing a (REST)        API for getting and putting of data,    -   b. RabbitMQ—queueing and messaging system (used primarily in a        remote procedure call (RPC) configuration where each Data        Gateway Lite puts requests on a central request queue but        receives responses on an individual ‘response’ queue),    -   c. A persistent distributed file-store 515 (e.g., implemented on        S3 or similar storage system),    -   d. Scribe 505—receives the data, breaks the data into fragments,        and stores each fragment in a chain (scatter general process)

The API 510, in some embodiments, exposes two operations (read andwrite), but due to overhead, some embodiments break those into fourcases: read and write operations on one axis, and small (e.g., smallerthan 800 bytes) and large (e.g., larger than or equal to than 800 bytes)values on the adjacent access.

In some embodiments the relational database 525 is a lower trustdatabase, such as a lower trust database as described herein. In someembodiments, an end-user facing font-end 520 is supported, the end-userfacing front-end 520 displaying and querying for or uploading data,which may be user data, and those read/write operations may, in somecases, pertain to data for read/write from the secure storage 516 andpass on to the gateway API 510.

The table below shows this and each case is explained below. Under allfour cases, the action is audited to a separate blockchain.

Large Values (800 bytes) Small Values (800 bytes) Write Operation Case ACase B Read Operation Case C Case D

Case A: This is the more difficult case. Because of design objectives ofRabbitMQ, some embodiments avoid just accepting a BLOB and putting itonto the queue. Instead, some embodiments use a file store (component‘c’ from above) and Rijndael's implementation of AES256. The DataGateway (a) may take the BLOB as it is coming in, generate a one-timeuse symmetric encryption key, encrypt the data in-flight, and stream itinto file store (c). At that point, the data gateway may take the pathin the file store for the data that it just wrote as well as thesymmetric encryption key and put (e.g., just) those values on the queuefor the Scribe (d) to receive. Once the scribe (d) receives the data, itmay retrieve the data out of the file store (c) and set the cursorposition of that stream to the end of the file minus epsilon (whereepsilon is the desired fragment size described in scatter generalprocess). It may read forward in that file epsilon-number of bytes, sendthose bytes to be scattered, and then move the cursor backwards to thewhere the beginning of the next fragment is located. Thisback-forward-back pattern is useful in some cases because the data maybe written to the chain in a ‘linked-list’ fashion; additionally,because of the immutable properties of the chain, it is helpful forembodiments to access a data-fragment's “next” pointer before writingthe fragment, as described herein. After the last fragment (e.g., thefirst fragment of the BLOB) is written, the txid (e.g., a pointer, alsocalled a reference or token indication a location of a first fragment inthe secure decentralized storage 516) is sent on the response queue tothe data-gateway to be mapped back to a reference token, which may beprovided back to a client application (e.g., a client application 530)as an entry point to retrieve the stored value.

Case B: For small values, the process may remain the same with theexception of bypassing the file store (c). Instead of sending data tothe file-store first, the data may be sent directly over the queue.

Cases C and D: Reads may be treated identically regardless of whetherthe data written was large or small. The Scribe may receive a requestfor a txid, send this value in a read request to the correspondingblockchain and get, in response, the first fragment of data. At thatpoint, the scribe may send a response over the response queue with thatfragment of data. It may continue its search, following that fragments‘next’ pointer and sending each fragment over the response channel assoon as it's received. Advantageously, the data gateway (and clientapplication) may begin to receive data immediately (e.g., within thelatency of reading the first byte) rather than waiting until the searchis fully completed before receiving the first byte. In some embodiments,the last fragment is marked as such, and the data gateway may detectthis flag and, in response, close the response channel to the clientapplication after that.

In some implementations, in some use cases of Case A described above, avariation may be implemented (which is not to suggest that otherdescriptions are limiting) when the user (e.g., client application)sends a ‘put’ (or POST) request immediately followed by a ‘get’ request.In this case, the data might not be completely done scattering yet. Inthis case, some embodiments access the encryption key for that file,retrieve the file from the file store (c) and deliver the file back tothe end user application (e.g., with the key, or after decrypting withthe key). Some embodiments may also log that this action took place in amanner described herein.

Method of Deferred Writes in Blockchains

Deferred writes, in some embodiments, allow client systems to haveaccess to the ‘pointer’ to their data even before the data is done beingscattered. This allows background (e.g., concurrent while servicing aread) processing of BLOB objects that client processes may haveuploaded.

Many operations accessing a Blockchain contains two components: diskinput/output (I/O) and compute (e.g., analysis of the data, verificationof the absence of tampering, and calculation of cryptographic hashvalues for cryptographic hash pointers). Because the blockchainexercises two highly-contended pieces of the computer, it is much moredifficult to achieve performance equal to a disk or other native filesystem.

Some embodiments mitigate this issue by using a system of deferredwrites. In some embodiments, the client is given back a ‘referencetoken’ on each write request (in some cases, before the write iscommitted to a secure decentralized storage 516). This ‘reference tokenmay be how the client indicates which data to access in the future,e.g., by sending a read request with the token, which may indicateeither pre-commit to a blockchain, a temporary location of the storeddata in a lower-latency data store (e.g., in encrypted form), or after acommit to the blockchain, a location in the blockchain where thecorresponding value, or initial segment of the value, is stored.

Once the data being written is accepted by the data gateway (e.g.,encrypted and stored in a low-latency repository, like an in-memorydatabase) and the reference token is given back to the client, the datais processed in the background (e.g., in a manner that is transparent tothe client application). Once the data is scattered, a lower-trustdatabase (LTDB) may be updated with an entry that maps the referencetoken to the actual TXID. After acceptance but before a full commit tothe higher latency data store (like storage 516), the lower-trustdatabase may associate the reference token with an encrypted copy of thedata to be committed.

In some embodiments, these write, read, and other described operationswithin the API (including the client-write and the reference tokenassignment) are logged in a separate blockchain (“audit chain”) tofacilitate auditing. If the LTDB were to ever be destroyed, it can bereconstructed by ‘replaying’ the audit chain into the LTDB's RDBMs.

Thus, some embodiments may provide a system of tokenization in which thereturned token sent to the client is a token that does not directly mapto data stored in a blockchain; it maps to another token (a txid) that,in some cases (e.g., for larger files), does not exist at the time thatthe first token is generated. It is bound later and ‘certified’ correctby the audit chain in some embodiments.

Consensus from within Private Blockchain Networks

As described above, systems like bitcoind typically implement apeer-to-peer system based on some combination of encryption, consensusalgorithms, and proof-of-X, where X is some aspect that is difficult toconsolidate across the network, such as proof-of-work, proof-of-stake,proof-of-storage, etc. Typically, those actors on a network havingproof-of-X arrive at a consensus regarding the validation ofpeer-to-peer transactions, often using various consensus algorithms likePaxos, Raft, or hashgraph. Or some private blockchains do not implementproof-of-X consensus, e.g., where the computing hardware implementingthe blockchain is controlled by trusted parties. Chained cryptographicoperations tie a sequence of such transactions into a chain that oncevalidated, is typically prohibitively computationally expensive tofalsify.

However, many extant blockchain-based databases are not well suited forcertain use cases, particularly those involving latency-sensitive access(e.g., reading or writing) to large files (e.g., documents or othercollections of binary data treated as a single entity, often called“blobs”), for instance in a blockchain-hosted filesystem. Indeed, manyblockchain databases are not readily configured to store large objectsand object files (e.g., on the order of 500 kilobytes or larger,depending on the use case and acceptable latency), as such systems aretypically highly specialized for small-payload “transactional”applications. In such systems, when storing larger collections of binarydata (e.g., files or blobs), the chain can dramatically slow as thechain gets bigger, particularly for write operations.

Some embodiments of consensus from within private blockchain networksinclude a process including one or more of the following operations:receiving, at a master node, a record to be stored and replicated in aplurality of blockchains; writing a first segment of the record in afirst blockchain at the master node and obtaining, as a result, a firstreference token; writing a second segment of the record in the firstblockchain at the master node and obtaining, as a result, a secondreference token; providing, from the master node, to a follower node,the first segment, the first reference token, the second segment, andthe second reference token; writing the first segment of the record in asecond blockchain at the follower node and obtaining, as a result, athird reference token; writing the second segment of the record in thesecond blockchain at the follower node and obtaining, as a result, athird reference token; and determining that the first reference tokenmatches the third reference token and that the second reference tokenmatches the fourth reference token and, in response, confirming writingof the record to the plurality of blockchains.

In some embodiments, a secure distributed storage, e.g., such as storage16 as illustrated in FIG. 1 , may be implemented on a blockchainnetwork, e.g., of peer storage compute nodes 26.

Highly-available data-sources often benefit from supporting a method ofreplicating its data to other nodes of similar configuration for thepurpose of providing fault tolerance. Blockchains, for similar reasons,often need to support replication and consensus. Because of theimmutable properties of blockchain, some embodiments are able tosimultaneously (or at least concurrently) replicate the data stored in ablockchain and guarantee that the data has not been tampered with.

Example parameters are helpful for explanation. Assume: t is an axis oftime, D[ ] is the ordered set of data to be written, X[ ] is the set ofresultant TXIDs (also called pointers or reference tokens, which maypoint to a first segment of a linked list of segments storing a recordin one or more blockchains, or may point to a single entry where anentire record is stored) that correspond to writes D, B is the set ofblockchain nodes where, in this case, B[0] is the accepted master nodeand is the only node that can accept writes, in this example. In somecases, each blockchain node may store an instance of a given blockchain(at least according to that node), and embodiments may determine aconsensus view on the correctness of respective instances of the givenblockchain.

According to these parameters, some embodiments may operate as follows:

-   -   t[0]=>Client writes data D[0] to node B[0]'s blockchain which        generates X[0].    -   t[1]=>B[0] sends a replication “put” packet to node B[1] and        B[2], which includes (e.g., consists of) D[0] and X[0]. This        operation can be performed on the nodes in parallel and        independently of each other, e.g., concurrently.    -   t[2]=>B[1] (and B[2] may take the replication packet, and write        D[0] to its copy of the chain and generate its intermediate TXID        i and determine whether X[0]==i. If that condition is true,        embodiments may in response determine that all transactions in        both blockchains are identical, as both transactions yielded the        same TXID.    -   t[3]=>B[1] returns a successful replication “put” operation.    -   t[4 . . . ]=>the process repeats in order for all transactions        and all members of the network, in some embodiments.

In some embodiments, storage compute nodes 26 only write in a veryspecific order in a “block” at a time, and any given write alwayshappens in the last position of the last block (the ‘tail’ of thelogical file). As a result, the same writes performed to the same chainin the same order, in some embodiments, will always generate the sameTXIDs. It is because of this, that all of the nodes operate completelyindependently in some embodiments.

In some embodiments, only a master storage compute node accepts writes,and if a non-master node receives a write from a client, it may forwardthe request to the master, which may perform the replication. In someembodiments, the master node will not accept the client's writeoperation as complete until a majority of the adjacent network nodeshave confirmed that the replication was successful. In contrast, in someembodiments, any storage compute node can accept (and service) a readoperation at any time.

In some embodiments, if a storage compute node becomes out of sync, itmay respond by copying all but the last block as files across thenetwork. It may replicate up to the last transaction of that block via‘replaying’ the transactions through the t[0] to t[4] steps outlinedabove. It may then issue a global distributed lock to all storagecompute nodes (to eliminate, or mitigate the risk of, race cases),completely sync the last transaction and then release the transaction.In such examples, in some embodiments, the only locking operation is thesingle last transaction.

In some embodiments, leader (also called master) and follower (alsocalled non-master) roles may be determined in a decentralized fashion,i.e., without a central authority assigning roles. In some cases, leaderstorage compute nodes are elected by voting of all of the storagecompute nodes on the network. Leader election may only need to happenwhen a network is only initially coming online (e.g., if all nodes areoffline and then need to come online). In some embodiments, the nodewith the longest, most “correct” chain (as determined by peer nodes andindicated in votes of peer nodes) is elected the leader (correct isdefined as successive series of validated blocks such that all of thehashes match to complete the ‘chain’).

Many consensus algorithms, such as RaFT and Paxos, impose relativelylarge computational and bandwidth overhead due to their complexity(which is not to suggest that these or any other approach isdisclaimed). However, because some embodiments have a defined order ofoperations, some embodiments are able to eliminate a large amount ofcomplexity. Some embodiments accomplish this by telling the nodereceiving the replicated packets the ‘expected’ TXID as part of thereplicated write. This consolidates the propose/accept steps fromtraditional replication and consensus algorithms. In some cases, thepointer into the blockchain for a record's first segment (or nextsegment) may also serve as a checksum by which writes are validated viaconsensus protocol.

FIG. 16 is a diagram that illustrates an exemplary computing system 1000in accordance with embodiments of the present technique. Variousportions of systems and methods described herein, may include or beexecuted on one or more computer systems similar to computing system1000. Further, processes and modules described herein may be executed byone or more processing systems similar to that of computing system 1000.

Computing system 1000 may include one or more processors (e.g.,processors 1010 a-1010 n) coupled to system memory 1020, an input/outputI/O device interface 1030, and a network interface 1040 via aninput/output (I/O) interface 1050. A processor may include a singleprocessor or a plurality of processors (e.g., distributed processors). Aprocessor may be any suitable processor capable of executing orotherwise performing instructions. A processor may include a centralprocessing unit (CPU) that carries out program instructions to performthe arithmetical, logical, and input/output operations of computingsystem 1000. A processor may execute code (e.g., processor firmware, aprotocol stack, a database management system, an operating system, or acombination thereof) that creates an execution environment for programinstructions. A processor may include a programmable processor. Aprocessor may include general or special purpose microprocessors. Aprocessor may receive instructions and data from a memory (e.g., systemmemory 1020). Computing system 1000 may be a uni-processor systemincluding one processor (e.g., processor 1010 a), or a multi-processorsystem including any number of suitable processors (e.g., 1010 a-1010n). Multiple processors may be employed to provide for parallel orsequential execution of one or more portions of the techniques describedherein. Processes, such as logic flows, described herein may beperformed by one or more programmable processors executing one or morecomputer programs to perform functions by operating on input data andgenerating corresponding output. Processes described herein may beperformed by, and apparatus can also be implemented as, special purposelogic circuitry, e.g., an FPGA (field programmable gate array) or anASIC (application specific integrated circuit). Computing system 1000may include a plurality of computing devices (e.g., distributed computersystems) to implement various processing functions.

I/O device interface 1030 may provide an interface for connection of oneor more I/O devices 1060 to computer system 1000. I/O devices mayinclude devices that receive input (e.g., from a user) or outputinformation (e.g., to a user). I/O devices 1060 may include, forexample, graphical user interface presented on displays (e.g., a cathoderay tube (CRT) or liquid crystal display (LCD) monitor), pointingdevices (e.g., a computer mouse or trackball), keyboards, keypads,touchpads, scanning devices, voice recognition devices, gesturerecognition devices, printers, audio speakers, microphones, cameras, orthe like. I/O devices 1060 may be connected to computer system 1000through a wired or wireless connection. I/O devices 1060 may beconnected to computer system 1000 from a remote location. I/O devices1060 located on remote computer system, for example, may be connected tocomputer system 1000 via a network and network interface 1040.

Network interface 1040 may include a network adapter that provides forconnection of computer system 1000 to a network. Network interface may1040 may facilitate data exchange between computer system 1000 and otherdevices connected to the network. Network interface 1040 may supportwired or wireless communication. The network may include an electroniccommunication network, such as the Internet, a local area network (LAN),a wide area network (WAN), a cellular communications network, or thelike.

System memory 1020 may be configured to store program instructions 1100or data 1110. Program instructions 1100 may be executable by a processor(e.g., one or more of processors 1010 a-1010 n) to implement one or moreembodiments of the present techniques. Instructions 1100 may includemodules of computer program instructions for implementing one or moretechniques described herein with regard to various processing modules.Program instructions may include a computer program (which in certainforms is known as a program, software, software application, script, orcode). A computer program may be written in a programming language,including compiled or interpreted languages, or declarative orprocedural languages. A computer program may include a unit suitable foruse in a computing environment, including as a stand-alone program, amodule, a component, or a subroutine. A computer program may or may notcorrespond to a file in a file system. A program may be stored in aportion of a file that holds other programs or data (e.g., one or morescripts stored in a markup language document), in a single filededicated to the program in question, or in multiple coordinated files(e.g., files that store one or more modules, sub programs, or portionsof code). A computer program may be deployed to be executed on one ormore computer processors located locally at one site or distributedacross multiple remote sites and interconnected by a communicationnetwork.

System memory 1020 may include a tangible program carrier having programinstructions stored thereon. A tangible program carrier may include anon-transitory computer readable storage medium. A non-transitorycomputer readable storage medium may include a machine readable storagedevice, a machine readable storage substrate, a memory device, or anycombination thereof. Non-transitory computer readable storage medium mayinclude non-volatile memory (e.g., flash memory, ROM, PROM, EPROM,EEPROM memory), volatile memory (e.g., random access memory (RAM),static random access memory (SRAM), synchronous dynamic RAM (SDRAM)),bulk storage memory (e.g., CD-ROM and/or DVD-ROM, hard-drives), or thelike. System memory 1020 may include a non-transitory computer readablestorage medium that may have program instructions stored thereon thatare executable by a computer processor (e.g., one or more of processors1010 a-1010 n) to cause the subject matter and the functional operationsdescribed herein. A memory (e.g., system memory 1020) may include asingle memory device and/or a plurality of memory devices (e.g.,distributed memory devices). Instructions or other program code toprovide the functionality described herein may be stored on a tangible,non-transitory computer readable media. In some cases, the entire set ofinstructions may be stored concurrently on the media, or in some cases,different parts of the instructions may be stored on the same media atdifferent times.

I/O interface 1050 may be configured to coordinate I/O traffic betweenprocessors 1010 a-1010 n, system memory 1020, network interface 1040,I/O devices 1060, and/or other peripheral devices. I/O interface 1050may perform protocol, timing, or other data transformations to convertdata signals from one component (e.g., system memory 1020) into a formatsuitable for use by another component (e.g., processors 1010 a-1010 n).I/O interface 1050 may include support for devices attached throughvarious types of peripheral buses, such as a variant of the PeripheralComponent Interconnect (PCI) bus standard or the Universal Serial Bus(USB) standard.

Embodiments of the techniques described herein may be implemented usinga single instance of computer system 1000 or multiple computer systems1000 configured to host different portions or instances of embodiments.Multiple computer systems 1000 may provide for parallel or sequentialprocessing/execution of one or more portions of the techniques describedherein.

Those skilled in the art will appreciate that computer system 1000 ismerely illustrative and is not intended to limit the scope of thetechniques described herein. Computer system 1000 may include anycombination of devices or software that may perform or otherwise providefor the performance of the techniques described herein. For example,computer system 1000 may include or be a combination of acloud-computing system, a data center, a server rack, a server, avirtual server, a desktop computer, a laptop computer, a tabletcomputer, a server device, a client device, a mobile telephone, apersonal digital assistant (PDA), a mobile audio or video player, a gameconsole, a vehicle-mounted computer, or a Global Positioning System(GPS), or the like. Computer system 1000 may also be connected to otherdevices that are not illustrated, or may operate as a stand-alonesystem. In addition, the functionality provided by the illustratedcomponents may in some embodiments be combined in fewer components ordistributed in additional components. Similarly, in some embodiments,the functionality of some of the illustrated components may not beprovided or other additional functionality may be available.

Those skilled in the art will also appreciate that while various itemsare illustrated as being stored in memory or on storage while beingused, these items or portions of them may be transferred between memoryand other storage devices for purposes of memory management and dataintegrity. Alternatively, in other embodiments some or all of thesoftware components may execute in memory on another device andcommunicate with the illustrated computer system via inter-computercommunication. Some or all of the system components or data structuresmay also be stored (e.g., as instructions or structured data) on acomputer-accessible medium or a portable article to be read by anappropriate drive, various examples of which are described above. Insome embodiments, instructions stored on a computer-accessible mediumseparate from computer system 1000 may be transmitted to computer system1000 via transmission media or signals such as electrical,electromagnetic, or digital signals, conveyed via a communication mediumsuch as a network or a wireless link. Various embodiments may furtherinclude receiving, sending, or storing instructions or data implementedin accordance with the foregoing description upon a computer-accessiblemedium. Accordingly, the present techniques may be practiced with othercomputer system configurations.

In block diagrams, illustrated components are depicted as discretefunctional blocks, but embodiments are not limited to systems in whichthe functionality described herein is organized as illustrated. Thefunctionality provided by each of the components may be provided bysoftware or hardware modules that are differently organized than ispresently depicted, for example such software or hardware may beintermingled, conjoined, replicated, broken up, distributed (e.g. withina data center or geographically), or otherwise differently organized.The functionality described herein may be provided by one or moreprocessors of one or more computers executing code stored on a tangible,non-transitory, machine readable medium. In some cases, notwithstandinguse of the singular term “medium,” the instructions may be distributedon different storage devices associated with different computingdevices, for instance, with each computing device having a differentsubset of the instructions, an implementation consistent with usage ofthe singular term “medium” herein. In some cases, third party contentdelivery networks may host some or all of the information conveyed overnetworks, in which case, to the extent information (e.g., content) issaid to be supplied or otherwise provided, the information may providedby sending instructions to retrieve that information from a contentdelivery network.

The reader should appreciate that the present application describesseveral independently useful techniques. Rather than separating thosetechniques into multiple isolated patent applications, applicants havegrouped these techniques into a single document because their relatedsubject matter lends itself to economies in the application process. Butthe distinct advantages and aspects of such techniques should not beconflated. In some cases, embodiments address all of the deficienciesnoted herein, but it should be understood that the techniques areindependently useful, and some embodiments address only a subset of suchproblems or offer other, unmentioned benefits that will be apparent tothose of skill in the art reviewing the present disclosure. Due to costsconstraints, some techniques disclosed herein may not be presentlyclaimed and may be claimed in later filings, such as continuationapplications or by amending the present claims. Similarly, due to spaceconstraints, neither the Abstract nor the Summary of the Inventionsections of the present document should be taken as containing acomprehensive listing of all such techniques or all aspects of suchtechniques.

It should be understood that the description and the drawings are notintended to limit the present techniques to the particular formdisclosed, but to the contrary, the intention is to cover allmodifications, equivalents, and alternatives falling within the spiritand scope of the present techniques as defined by the appended claims.Further modifications and alternative embodiments of various aspects ofthe techniques will be apparent to those skilled in the art in view ofthis description. Accordingly, this description and the drawings are tobe construed as illustrative only and are for the purpose of teachingthose skilled in the art the general manner of carrying out the presenttechniques. It is to be understood that the forms of the presenttechniques shown and described herein are to be taken as examples ofembodiments. Elements and materials may be substituted for thoseillustrated and described herein, parts and processes may be reversed oromitted, and certain features of the present techniques may be utilizedindependently, all as would be apparent to one skilled in the art afterhaving the benefit of this description of the present techniques.Changes may be made in the elements described herein without departingfrom the spirit and scope of the present techniques as described in thefollowing claims. Headings used herein are for organizational purposesonly and are not meant to be used to limit the scope of the description.

As used throughout this application, the word “may” is used in apermissive sense (i.e., meaning having the potential to), rather thanthe mandatory sense (i.e., meaning must). The words “include”,“including”, and “includes” and the like mean including, but not limitedto. As used throughout this application, the singular forms “a,” “an,”and “the” include plural referents unless the content explicitlyindicates otherwise. Thus, for example, reference to “an element” or “aelement” includes a combination of two or more elements, notwithstandinguse of other terms and phrases for one or more elements, such as “one ormore.” The term “or” is, unless indicated otherwise, non-exclusive,i.e., encompassing both “and” and “or.” Terms describing conditionalrelationships, e.g., “in response to X, Y,” “upon X, Y,”, “if X, Y,”“when X, Y,” and the like, encompass causal relationships in which theantecedent is a necessary causal condition, the antecedent is asufficient causal condition, or the antecedent is a contributory causalcondition of the consequent, e.g., “state X occurs upon condition Yobtaining” is generic to “X occurs solely upon Y” and “X occurs upon Yand Z.” Such conditional relationships are not limited to consequencesthat instantly follow the antecedent obtaining, as some consequences maybe delayed, and in conditional statements, antecedents are connected totheir consequents, e.g., the antecedent is relevant to the likelihood ofthe consequent occurring. Statements in which a plurality of attributesor functions are mapped to a plurality of objects (e.g., one or moreprocessors performing steps A, B, C, and D) encompasses both all suchattributes or functions being mapped to all such objects and subsets ofthe attributes or functions being mapped to subsets of the attributes orfunctions (e.g., both all processors each performing steps A-D, and acase in which processor 1 performs step A, processor 2 performs step Band part of step C, and processor 3 performs part of step C and step D),unless otherwise indicated. Further, unless otherwise indicated,statements that one value or action is “based on” another condition orvalue encompass both instances in which the condition or value is thesole factor and instances in which the condition or value is one factoramong a plurality of factors. Unless otherwise indicated, statementsthat “each” instance of some collection have some property should not beread to exclude cases where some otherwise identical or similar membersof a larger collection do not have the property, i.e., each does notnecessarily mean each and every. Limitations as to sequence of recitedsteps should not be read into the claims unless explicitly specified,e.g., with explicit language like “after performing X, performing Y,” incontrast to statements that might be improperly argued to imply sequencelimitations, like “performing X on items, performing Y on the X′editems,” used for purposes of making claims more readable rather thanspecifying sequence. Statements referring to “at least Z of A, B, andC,” and the like (e.g., “at least Z of A, B, or C”), refer to at least Zof the listed categories (A, B, and C) and do not require at least Zunits in each category. Unless specifically stated otherwise, asapparent from the discussion, it is appreciated that throughout thisspecification discussions utilizing terms such as “processing,”“computing,” “calculating,” “determining” or the like refer to actionsor processes of a specific apparatus, such as a special purpose computeror a similar special purpose electronic processing/computing device.

In this patent, certain U.S. patents, U.S. patent applications, or othermaterials (e.g., articles) have been incorporated by reference. The textof such U.S. patents, U.S. patent applications, and other materials is,however, only incorporated by reference to the extent that no conflictexists between such material and the statements and drawings set forthherein. In the event of such conflict, the text of the present documentgoverns.

What is claimed is:
 1. A tangible, non-transitory, machine-readablemedium storing instructions that when executed by one or more processorseffectuate operations comprising: receiving a request for querying datawithin a database arrangement indicating at least a first databasehaving a first data structure and a second database having a second datastructure different from the first data structure, wherein: the firstdatabase is a relational database, the second database is a distributeddatabase, the first data structure comprises entries that correspond torows of a table and data fields that correspond to columns of the table,at least some of the data fields include references indicative oflocations of respective plain text values stored within the seconddatabase, and receiving a request comprises registering to obtain therequest from an application configured to query data and receive data ina schema compatible with the first database and not the second database;inspecting the request to identify that instructions for querying datain the first database include a query-language operator in the schemacompatible with the first database by which the first database isrequested to be searched with criteria satisfied by plain text values;in response to identifying a query-language operator, determining thatthe identified query-language operator indicates a data field associatedwith a set of entries in the first database populated with respectivereferences in a set of references, the set of references indicative oflocations of respective plain text values stored within the seconddatabase that correspond to respective entries in the set of entrieswithin the first database; translating the query-language operator fromthe schema configured to identify plain text values satisfying thecriteria within the data field into translated instructions for queryingwithin the set of references in the first database, the translatedinstructions comprising a reference or subset of references thatcorrespond to a location or locations of respective ones of the plaintext values in the second database that satisfy the criteria of thequery-language operator; and submitting, based on the translatedinstructions, a query to the first database to retrieve an entry or aset of entries having the reference or a reference in the subset ofreferences in the data field and providing a response to the request inthe schema compatible with the first database.
 2. The tangible,non-transitory, machine-readable medium of claim 1, wherein retrievingan entry within the set of entries comprises: obtaining a respectivereference from the data field of the entry within the first database;and requesting, based on the respective reference, the respective plaintext value from the second database.
 3. The tangible, non-transitory,machine-readable medium of claim 1, wherein: a respective referencestored for the data field of a respective entry is indicative of alocation of a record within the second database that includes arespective plain text value, at least some respective references storedfor the data field of respective ones of the entries are indicative ofdifferent locations within the second database, and the differentlocations within the second database correspond to locations ofdifferent, distinct, records within the second database.
 4. Thetangible, non-transitory, machine-readable medium of claim 1, wherein:the set of references indicative of locations of respective plain textvalues stored within the second database comprises a different, distinctreference for each different, distinct location, and the set ofreferences includes, for at least two plain text values having a samevalue, different, distinct references.
 5. The tangible, non-transitory,machine-readable medium of claim 1, wherein: the second data structurecomprises a directed acyclic graph of cryptographic hash pointers. 6.The tangible, non-transitory, machine-readable medium of claim 5,wherein: a reference indicative of a location of a respective plain textvalues includes a cryptographic hash pointer or a transaction identifiercorresponding to a node within the graph that contains at least a firstportion of the respective plain text value.
 7. The tangible,non-transitory, machine-readable medium of claim 1, wherein: the firstdata structure is a table in a relational database; and the second datastructure is a graph in a blockchain-based distributed database.
 8. Thetangible, non-transitory, machine-readable medium of claim 1, whereinreceiving a request for querying data within a database arrangementincluding at least a first database having a first data structure and asecond database having a second data structure different from the firstdata structure comprises: receiving the request from a client device,the request associated with the application configured to query data andreceive data in the schema compatible with the first database and notthe second database.
 9. The tangible, non-transitory, machine-readablemedium of claim 1, wherein inspecting the request to identify whetherinstructions for querying data in the first database include aquery-language operator in the schema compatible with the first databaseby which the first database is requested to be searched with criteriasatisfied by plain text values comprises: identifying an argumentcorresponding to the query-language operator; and determining whetherthe argument specifies criteria that multiple potential plain textvalues satisfy.
 10. The tangible, non-transitory, machine-readablemedium of claim 1, wherein inspecting the request to identify whetherinstructions for querying data in the first database include aquery-language operator in the schema compatible with the first databaseby which the first database is requested to be searched with criteriasatisfied by plain text values comprises: identifying a statement ofinstructions for querying data; evaluating the statement to identify oneor more query-language operators of the statement; determining, for thestatement, by evaluating each query-language operator, whichquery-language operators include an argument specifying criteria thatmultiple potential plain text values satisfy.
 11. The tangible,non-transitory, machine-readable medium of claim 10, wherein: theinstructions for querying data are Structure Query Languageinstructions; the statement includes two or more query-languageoperators; and the two or more query-language operators are executedsequentially.
 12. The tangible, non-transitory, machine-readable mediumof claim 1, wherein determining whether the identified query-languageoperator indicates a data field associated with a set of entries in thefirst database populated with respective references in a set ofreferences comprises: accessing a store including values indicative ofwhich data fields within the first database include references replacingplain text values; and determining whether an identifier of the datafield is associated with an indication that the data field comprisesreferences.
 13. The tangible, non-transitory, machine-readable medium ofclaim 1, wherein translating the query-language operator from the schemaconfigured to identify plain text values satisfying the criteria withinthe data field into translated instructions for querying within the setof references in the first database comprises: determining the referenceor the subset of references that correspond to the location or thelocations of the respective ones of the plain text values in the seconddatabase that satisfy the criteria of the query-language operator. 14.The tangible, non-transitory, machine-readable medium of claim 13,wherein translating the operational clause from a schema configured toidentify plain text values satisfying the criteria within the data fieldinto translated instructions for querying within the set of referencesin the first database further comprises: determining translatedinstructions comprising one or more of: a new query-language operatorcomprising an argument including the reference or one or more of thereferences in the subset of references, or for the query-languageoperator, a new argument including the reference or the subset ofreferences; and updating the instructions for querying data in the firstdatabase to include the new query-language operator or the new argumentfor the query-language operator.
 15. The tangible, non-transitory,machine-readable medium of claim 1, wherein translating thequery-language operator from the schema configured to identify plaintext values satisfying the criteria within the data field intotranslated instructions for querying within the set of references in thefirst database comprises: querying a service based on an argument of thequery-language operator to obtain the reference or the subset ofreferences that correspond to the location or the locations of therespective ones of the plain text values in the second database thatsatisfy the criteria of the query-language operator; determiningtranslated instructions comprising one or more of: a new query-languageoperator comprising an argument including the reference or one or moreof the references in the subset of references, or for the query-languageoperator, a new argument including the reference or the subset ofreferences; and updating the instructions for querying data in the firstdatabase to include the new query-language operator or the new argumentfor the query-language operator.
 16. The tangible, non-transitory,machine-readable medium of claim 1, wherein translating thequery-language operator from the schema configured to identify plaintext values satisfying the criteria within the data field intotranslated instructions for querying within the set of references in thefirst database comprises: querying a service based on the query-languageoperator to obtain translated instructions for the query-languageoperator comprising one or more of: a new query-language operatorcomprising an argument including the reference or one or more of thereferences in the subset of references, or for the query-languageoperator, a new argument including the reference or the subset ofreferences; and updating the instructions for querying data in the firstdatabase to include the new query-language operator or the new argumentfor the query-language operator.
 17. The tangible, non-transitory,machine-readable medium of claim 1, wherein translating thequery-language operator from the schema configured to identify plaintext values satisfying the criteria within the data field intotranslated instructions for querying within the set of references in thefirst database comprises: querying a service based on the request toobtain a translated request comprising translated instructions for thequery-language operator comprising one or more of: a new query-languageoperator comprising an argument including the reference or one or moreof the references in the subset of references, or for the query-languageoperator, a new argument including the reference or the subset ofreferences.
 18. The tangible, non-transitory, machine-readable medium ofclaim 1, wherein submitting a query to the first database to retrieve anentry or a set of entries having the reference or a reference in thesubset of references in the data field comprises: executing a querycomprising the translated instructions to retrieve the entry or the setof entries.
 19. The tangible, non-transitory, machine-readable medium ofclaim 1, wherein submitting a query to the first database to retrieve anentry or a set of entries having the reference or a reference in thesubset of references in the data field comprises: transmitting a querycomprising the translated instructions to retrieve the entry or the setof entries.
 20. A computer-implemented method comprising: receiving,with a computing system, a request for querying data within a databasearrangement indicating at least a first database having a first datastructure and a second database having a second data structure differentfrom the first data structure, wherein: the first database is arelational database, the second database is a distributed database, thefirst data structure comprises entries that correspond to rows of atable and data fields that correspond to columns of the table, at leastsome of the data fields include references indicative of locations ofrespective plain text values stored within the second database, andreceiving a request comprises registering to obtain the request from anapplication configured to query data and receive data in a schemacompatible with the first database and not the second database;inspecting, with the computing system, the request to identify thatinstructions for querying data in the first database include aquery-language operator in the schema compatible with the first databaseby which the first database is requested to be searched with criteriasatisfied by plain text values; in response to identifying aquery-language operator, determining, with the computing system, thatthe identified query-language operator indicates a data field associatedwith a set of entries in the first database populated with respectivereferences in a set of references, the set of references indicative oflocations of respective plain text values stored within the seconddatabase that correspond to respective entries in the set of entrieswithin the first database; translating, with the computing system, thequery-language operator from the schema configured to identify plaintext values satisfying the criteria within the data field intotranslated instructions for querying within the set of references in thefirst database, the translated instructions comprising a reference orsubset of references that correspond to a location or locations ofrespective ones of the plain text values in the second database thatsatisfy the criteria of the query-language operator; and submitting,with the computing system, based on the translated instructions, a queryto the first database to retrieve an entry or a set of entries havingthe reference or a reference in the subset of references in the datafield and providing a response to the request in the schema compatiblewith the first database.